CVE-2016-6357

CWE-388 CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.2%

top 55.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Email Security Appliance

Timeline

PublishedOct 28

Latest updateMay 17

Description

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/email_security_appliance9.7.1-066, 9.9.6-026+1

▶CVEListV5cisco_asyncos_through_9.9.6-026Cisco AsyncOS through 9.9.6-026

🔴Vulnerability Details

GHSA

GHSA-mjv5-4w95-ppq8: A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could a↗2022-05-17

▶

CVEList

CVE-2016-6357: A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could a↗2016-10-28

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance Drop Bypass Vulnerability↗2016-10-26

▶