CVE-2016-1481

HIGH

Cisco Email Security Appliance < 9.1.1-038, < 9.7.1-066 - Unauthenticated Denial of Service via Message Filter Rules

Title source: llm
STIX 2.1

Description

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037123
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93908

Scores

CVSS v3 7.5
EPSS 0.0302
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (31)
cisco/email_security_appliance 8.5.0-000
cisco/email_security_appliance 8.5.0-er1-198
cisco/email_security_appliance 8.5.6-052
cisco/email_security_appliance 8.5.6-073
cisco/email_security_appliance 8.5.6-074
cisco/email_security_appliance 8.5.6-106
cisco/email_security_appliance 8.5.6-113
cisco/email_security_appliance 8.5.7-042
cisco/email_security_appliance 8.6.0
cisco/email_security_appliance 8.6.0-011
... and 21 more
Published Oct 28, 2016
Tracked Since Feb 18, 2026