CVE-2016-6458
HIGHCisco AsyncOS < 10.0.0-125 and 9.7.1-066 - Unauthenticated Content Filter Bypass
Title source: llmDescription
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037182
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94074
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa
Scores
CVSS v3
7.5
EPSS
0.0221
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (9)
cisco/email_security_appliance_firmware
9.7.1-066
cisco/email_security_appliance_firmware
9.7.2-046
cisco/email_security_appliance_firmware
9.7.2-047
cisco/email_security_appliance_firmware
9.7.2-054
cisco/email_security_appliance_firmware
9.9.6-026
cisco/email_security_appliance_firmware
9.9_base
cisco/email_security_appliance_firmware
10.0.0-124
cisco/email_security_appliance_firmware
10.0.0-125
n/a/Cisco AsyncOS 10.0.0-125 and 9.7.1-066
Cisco AsyncOS 10.0.0-125 and 9.7.1-066
Published
Nov 19, 2016
Tracked Since
Feb 18, 2026