Vulnerability Details : CVE-2016-1461
Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.
Vulnerability category: Input validation
Products affected by CVE-2016-1461
- cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1461
- 0.15%: Probability of exploitation activity in the next 30 days
- ~ 51%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1461
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-1461
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1461
- http://www.securityfocus.com/bid/92155
  Cisco Email Security Appliance CVE-2016-1461 Remote Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1036470
  Cisco Email Security Appliance AsyncOS Lets Remote Users Bypass Security Restrictions on the Target System - SecurityTracker (Broken Link; Third Party Advisory; VDB Entry)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa
  Cisco Email Security Appliance File Type Filtering Vulnerability (Vendor Advisory)