VAR-201610-0318
Vulnerability from variot - Updated: 2023-12-18 14:05A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuy54740 and CSCuy75174 It is released as.A third party could bypass the filtering function. Cisco AsyncOS for Email and Web Security Appliances are products of Cisco. CiscoAsyncOSforEmailSecurityAppliances is a set of operating systems used by Cisco Systems in the E-mail Security Appliance (ESA). Cisco Web Security Appliance (WSA) is a network security appliance. A remote security bypass vulnerability exists in CiscoAsyncOSforEmail and WebSecurityAppliances. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks This issue is tracked by Cisco Bug IDs CSCuy54740 and CSCuy75174
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.9.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-201"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-106"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.7.5-835"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.1.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-052"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-608"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0_base"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-113"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.3-055"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-193"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.7-142"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.0-623"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-027"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-024"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-101"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.2-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-hp2-303"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.1-021"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-825"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.1-023"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-er1-198"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-011"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-078"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-119"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.6-026"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-051"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-444"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.1-000"
},
{
"model": "web security appliance 8.0.5",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "hot_patch_1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.4-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-070"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.8.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.8-mr-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0-011"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-284"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-235"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.1.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.9_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.5.2-024:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-235:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance_8.0.5:hot_patch_1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.5.2-027:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.8.0-085:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.7-142:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.6-119:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.1.1-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-444:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:5.6.0-623:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.5.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:6.0.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.7.0-608:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.7.1-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.5.2-hp2-303:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.7.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-284:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.5.1-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.6-078:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.8-mr-113:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.7.5-835:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.5.0.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.1.0-070:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:9.5_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.5.3-055:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.5.0-825:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.8.0-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:7.5.2-000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.5.1-021:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:8.5.0-497:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93911"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6372",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-6372",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10403",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-95192",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-6372",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6372",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-10403",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-748",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95192",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuy54740 and CSCuy75174 It is released as.A third party could bypass the filtering function. Cisco AsyncOS for Email and Web Security Appliances are products of Cisco. CiscoAsyncOSforEmailSecurityAppliances is a set of operating systems used by Cisco Systems in the E-mail Security Appliance (ESA). Cisco Web Security Appliance (WSA) is a network security appliance. A remote security bypass vulnerability exists in CiscoAsyncOSforEmail and WebSecurityAppliances. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks\nThis issue is tracked by Cisco Bug IDs CSCuy54740 and CSCuy75174",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "VULHUB",
"id": "VHN-95192"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6372",
"trust": 3.4
},
{
"db": "BID",
"id": "93911",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037118",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1037119",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10403",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95192",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"id": "VAR-201610-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
}
],
"trust": 1.2410863666666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
}
]
},
"last_update_date": "2023-12-18T14:05:56.173000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esawsa2",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esawsa2"
},
{
"title": "CiscoAsyncOSforEmail and WebSecurityAppliances Remote Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/83295"
},
{
"title": "Cisco AsyncOS for Cisco Email Security Appliances and Web Security Appliances Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65157"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93911"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esawsa2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037118"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037119"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6372"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6372"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95192"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93911"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"date": "2016-10-28T10:59:11.387000",
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95192"
},
{
"date": "2016-11-24T01:10:00",
"db": "BID",
"id": "93911"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"date": "2017-07-29T01:34:17.867000",
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS for Email and Web Security Appliances Remote Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "BID",
"id": "93911"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…