CVE-2016-1461

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-08-2016 04:59

Last modified: - 01-02-2022 07:11

Total changes: - 2

Description

Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

AND

vendor=cisco AND product=asyncos AND versionEndIncluding=9.7.0-125

vendor=cisco AND product=email_security_appliance AND version=-

Reference

20160727 Cisco Email Security Appliance File Type Filtering Vulnerability-Vendor Advisory
92155-Third Party Advisory, VDB Entry
1036470-Broken Link, Third Party Advisory, VDB Entry

Keywords

CVE-2016-1461

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2016-1461

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures