CVE-2016-1486

CWE-19CWE-119Buffer Overflow4 documents4 sources
Severity
7.5HIGH
EPSS
0.8%
top 26.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Email Security Appliance
Timeline
PublishedOct 28
Latest updateMay 17

Description

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/email_security_appliance30 versions+29
CVEListV5cisco_asyncos_through_9.7.1-066Cisco AsyncOS through 9.7.1-066

🔴Vulnerability Details

2
GHSA
GHSA-87ch-4f82-95rr: A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Em2022-05-17
CVEList
CVE-2016-1486: A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Em2016-10-28

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability2016-10-26
CVE-2016-1486 (HIGH CVSS 7.5) | A vulnerability in the email attach | cvebase.io