CVE-2016-1411

MEDIUM

Cisco AsyncOS Software - Impersonation

Title source: llm

Description

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.

More Information: CSCul88715, CSCul94617, CSCul94627.

Known Affected Releases: 7.5.2-201, 7.6.3-025, 8.0.1-023, 8.5.0-000, 8.5.0-ER1-198, 7.5.2-HP2-303, 7.7.0-608, 7.7.5-835, 8.5.1-021, 8.8.0-000, 7.9.1-102, 8.0.0-404, 8.1.1-013, 8.2.0-222.

Known Fixed Releases: 8.0.2-069, 8.0.2-074, 8.5.7-042, 9.1.0-032, 8.5.2-027, 9.6.1-019.

Scores

CVSS v3 5.9
EPSS 0.0022
EPSS Percentile 44.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-310
Status published

Affected Products (17)

cisco/content_security_management_appliance (6 entries)
cisco/email_security_appliance (7 entries)
cisco/web_security_appliance (2 entries)
... and 2 more

Timeline

Published Dec 14, 2016
Tracked Since Feb 18, 2026