CVE-2016-1481
HIGHCisco Email Security Appliance < 9.1.1-038, < 9.7.1-066 - Unauthenticated Denial of Service via Message Filter Rules
Title source: llmDescription
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037123
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93908
Scores
CVSS v3
7.5
EPSS
0.0302
EPSS Percentile
85.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (31)
cisco/email_security_appliance
8.5.0-000
cisco/email_security_appliance
8.5.0-er1-198
cisco/email_security_appliance
8.5.6-052
cisco/email_security_appliance
8.5.6-073
cisco/email_security_appliance
8.5.6-074
cisco/email_security_appliance
8.5.6-106
cisco/email_security_appliance
8.5.6-113
cisco/email_security_appliance
8.5.7-042
cisco/email_security_appliance
8.6.0
cisco/email_security_appliance
8.6.0-011
... and 21 more
Published
Oct 28, 2016
Tracked Since
Feb 18, 2026