CVE-2016-6463

Severity: 5.3 MEDIUM
EPSS: 0.2% (top 61.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19; Latest update May 17

Description

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: cisco/email_security_appliance_firmware 10.0.0-082, 9.7.0-125, 9.7.1-06+2
CVEListV5: cisco_asyncos_9.7.1-066_through_10.0.0-082 (Cisco AsyncOS 9.7.1-066 through 10.0.0-082)

🔴 Vulnerability Details (2)

GHSA
GHSA-q66r-5p58-mh9q: A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, rem (2022-05-17)
CVEList
CVE-2016-6463: A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, rem (2016-11-19)

📋 Vendor Advisories (1)

Cisco
Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability (2016-11-16)