PT-2016-6853 · Cisco · Cisco Web Security Appliances+2
Published
2016-10-28
·
Updated
2017-07-29
·
CVE-2016-6372
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 10.0.0-125
Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.7.2-047
Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) versions prior to 9.1.1-038
Description
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed.
Recommendations
For versions prior to 10.0.0-125, update to version 10.0.0-125 or later.
For versions prior to 9.7.2-047, update to version 9.7.2-047 or later.
For versions prior to 9.1.1-038, update to version 9.1.1-038 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Asyncos
Cisco Email Security Appliances
Cisco Web Security Appliances