CVE-2016-1423 : A vulnerability in the display of email messages in the Messages in Quarantine (

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.

Published 2016-10-28 10:59:00

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2016-1423

Cisco » Email Security Appliance » Version: 9.1.0-032
cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 9.0.0
cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 9.0.0-461
cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 9.0.0-212
cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 9.0.5-000
cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 9.1.0-011
cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 8.9.1-000
cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 8.9.2-032
cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 9.1.0-101
cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 8.9.0
cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*
Matching versions
Cisco » Email Security Appliance » Version: 9.1.0
cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-1423

EPSS FAQ

0.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1423

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2016-1423

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-1423

http://www.securitytracker.com/id/1037113

Cisco Email Security Appliance Lets Remote Users Bypass Certain Quarantine Restrictions on the Target System - SecurityTracker
http://www.securityfocus.com/bid/93912

Cisco AsyncOS CVE-2016-1423 Remote Security Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa4

Cisco Email Security Appliance Quarantine Email Rendering Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2016-1423

Products affected by CVE-2016-1423

Exploit prediction scoring system (EPSS) score for CVE-2016-1423

CVSS scores for CVE-2016-1423

CWE ids for CVE-2016-1423

References for CVE-2016-1423