CVE-2016-6416

CWE-119: Buffer Overflow | 4 documents | 4 sources
Severity
5.9 MEDIUM
EPSS
0.9%
top 24.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 5
Latest update: May 17

Description

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (3 packages)

🔴 Vulnerability Details (2)

GHSA
GHSA-7cpm-6ch9-5qff: The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9 (2022-05-17)
CVEList
CVE-2016-6416: The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9 (2016-10-05)

📋 Vendor Advisories (1)

Cisco
Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability (2016-09-28)