CVE-2016-6416

MEDIUM

Cisco AsyncOS - DoS

Title source: llm

Description

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

References (5)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036915

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036916

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036917

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93198

Scores

CVSS v3 5.9

EPSS 0.0089

EPSS Percentile 75.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status published

Affected Products (22)

cisco/content_security_management_appliance

cisco/content_security_management_appliance

cisco/content_security_management_appliance

cisco/content_security_management_appliance

cisco/content_security_management_appliance

cisco/content_security_management_appliance

cisco/content_security_management_appliance

cisco/email_security_appliance

cisco/email_security_appliance

cisco/email_security_appliance

cisco/email_security_appliance

cisco/email_security_appliance

cisco/email_security_appliance

cisco/web_security_appliance

cisco/web_security_appliance

... and 7 more

Timeline

Published Oct 05, 2016

Tracked Since Feb 18, 2026