Vulnerability Details : CVE-2016-1411
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.
Products affected by CVE-2016-1411
- cpe:2.3:a:cisco:web_security_appliance:8.8.0-000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:7.7.5-835:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_appliance:7.7.0-608:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:8.5.1-021:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1411
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1411
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2016-1411
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1411
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos
Cisco Security Appliances AsyncOS Software Update Server Certificate Validation VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/94791
Cisco AsyncOS Software CVE-2016-1411 Man in the Middle Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to