Severity: 7.5 HIGH
EPSS: 0.2% (top 56.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19; latest update May 17

Description

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is con

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: cisco_asyncos_10.0.0-125_and_9.7.1-066 (Cisco AsyncOS 10.0.0-125 and 9.7.1-066)

🔴 Vulnerability Details (2)

GHSA
GHSA-59rc-rp6p-jq6c: A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, r (2022-05-17)
CVEList
CVE-2016-6458: A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, r (2016-11-19)

📋 Vendor Advisories (1)

Cisco
Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability (2016-11-02)