NVD

Id
21152  
Name
CVE-2016-6372  
Description
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-10-28  
Modified Date
2016-11-28  
Seq
2016-6372  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
115120 21152 CVE-2016-6372 93911  View
115121 21152 CVE-2016-6372 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
4879 JVNDB-2016-005652 Cisco ESA および WSA 上で稼動する AsyncOS ソフトウェアの不正な形式の MIME ヘッダにおけるフィルタリング機能を回避される脆弱性 Cisco E メール セキュリティ アプライアンス (ESA) および Web セキュリティ アプライアンス (WSA) 上で稼動する AsyncOS ソフトウェアの不正な形式の Multipurpose Internet Mail Extensions (MIME) ヘッダの電子メールメッセージおよびコンテンツフィルタリングには、フィルタリング機能を回避される脆弱性が存在します。 CVE-2016-6372 92879 CVE-2016-6372 21152 5 7.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-005652.html 2016-10-26 2016-11-01 View