CVE-2016-6458

HIGH

Cisco AsyncOS < 10.0.0-125 and 9.7.1-066 - Unauthenticated Content Filter Bypass

Title source: llm
STIX 2.1

Description

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037182
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94074

Scores

CVSS v3 7.5
EPSS 0.0221
EPSS Percentile 80.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (9)
cisco/email_security_appliance_firmware 9.7.1-066
cisco/email_security_appliance_firmware 9.7.2-046
cisco/email_security_appliance_firmware 9.7.2-047
cisco/email_security_appliance_firmware 9.7.2-054
cisco/email_security_appliance_firmware 9.9.6-026
cisco/email_security_appliance_firmware 9.9_base
cisco/email_security_appliance_firmware 10.0.0-124
cisco/email_security_appliance_firmware 10.0.0-125
n/a/Cisco AsyncOS 10.0.0-125 and 9.7.1-066 Cisco AsyncOS 10.0.0-125 and 9.7.1-066
Published Nov 19, 2016
Tracked Since Feb 18, 2026