CVE-2016-6372

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGH
EPSS
0.3%
top 49.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Email Security ApplianceCisco WEB Security ApplianceCisco WEB Security Appliance 8.0.5
Timeline
PublishedOct 28
Latest updateMay 17

Description

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release o

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDcisco/email_security_appliance35 versions+34
CVEListV5cisco_asyncos_through_wsa10.0.0-000Cisco AsyncOS through WSA10.0.0-000
NVDcisco/web_security_appliance41 versions+40

🔴Vulnerability Details

2
GHSA
GHSA-mmwx-jr3w-37h2: A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Softwar2022-05-17
CVEList
CVE-2016-6372: A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Softwar2016-10-28

📋Vendor Advisories

1
Cisco
Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability2016-10-26
CVE-2016-6372 (HIGH CVSS 7.5) | A vulnerability in the email messag | cvebase.io