CVE-2016-1315

HIGH

Cisco AMP ESA <9.7.0-125 - Auth Bypass

Title source: llm
STIX 2.1

Description

The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035008

Scores

CVSS v3 7.5
EPSS 0.0143
EPSS Percentile 69.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-284
Status published
Products (5)
cisco/email_security_appliance_firmeware 9.1.0-032
cisco/email_security_appliance_firmeware 9.5.0-201
cisco/email_security_appliance_firmeware 9.6.0-051
cisco/email_security_appliance_firmeware 9.7.0-125
cisco/email_security_appliance_firmeware 9.7.0-782
Published Feb 12, 2016
Tracked Since Feb 18, 2026