CVE-2016-1461Improper Input Validation in Cisco Asyncos

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Asyncos
Timeline
PublishedAug 1
Latest updateMay 13

Description

Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/asyncos9.7.0-125

🔴Vulnerability Details

2
GHSA
GHSA-6cxc-3h4m-cqfx: Cisco AsyncOS on Email Security Appliance (ESA) devices through 92022-05-13
CVEList
CVE-2016-1461: Cisco AsyncOS on Email Security Appliance (ESA) devices through 92016-08-01

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance File Type Filtering Vulnerability2016-07-27
CVE-2016-1461 — Improper Input Validation in Cisco | cvebase