CVE-2016-1486 - Vulnerability Details

Vendors	Products
Cisco	Email Security Appliance

Link	Providers
http://www.securityfocus.com/bid/93906
http://www.securitytracker.com/id/1037124
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cisco AsyncOS through 9.7.1-066", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AsyncOS through 9.7.1-066"}]}], "datePublic": "2016-10-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"name": "1037124", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037124"}, {"name": "93906", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93906"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1486", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AsyncOS through 9.7.1-066", "version": {"version_data": [{"version_value": "Cisco AsyncOS through 9.7.1-066"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"name": "1037124", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037124"}, {"name": "93906", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93906"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"name": "1037124", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037124"}, {"name": "93906", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93906"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1486", "datePublished": "2016-10-28T10:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cisco AsyncOS through 9.7.1-066 (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Cisco AsyncOS through 9.7.1-066 (string)

}

]

}

]

datePublic : 2016-10-28T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : unspecified (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-28T09:57:01 (string)

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2 (string)

}

1 : { »

name : 1037124 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1037124 (string)

}

2 : { »

name : 93906 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/93906 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@cisco.com (string)

ID : CVE-2016-1486 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cisco AsyncOS through 9.7.1-066 (string)

version : { »

version_data : [ »

0 : { »

version_value : Cisco AsyncOS through 9.7.1-066 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : unspecified (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2 (string)

refsource : CONFIRM (string)

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2 (string)

}

1 : { »

name : 1037124 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1037124 (string)

}

2 : { »

name : 93906 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/93906 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:55:14.575Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2 (string)

}

1 : { »

name : 1037124 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1037124 (string)

}

2 : { »

name : 93906 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/93906 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

assignerShortName : cisco (string)

cveId : CVE-2016-1486 (string)

datePublished : 2016-10-28T10:00:00 (string)

dateReserved : 2016-01-04T00:00:00 (string)

dateUpdated : 2024-08-05T22:55:14.575Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*", "matchCriteriaId": "0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:*", "matchCriteriaId": "A511EEC7-A7B4-46A0-9182-42B6FFB0E103", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:*", "matchCriteriaId": "2E8A45A9-0835-4F4D-99D1-4E894EE95B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*", "matchCriteriaId": "C69F7FA3-F8FD-430F-B70C-FBFC3C1A2D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:*", "matchCriteriaId": "5EFD829C-2BA8-4EA6-A846-74776A05D105", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:*", "matchCriteriaId": "1A831B2A-A23C-4BB4-B64C-ADD2C77D96E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:*", "matchCriteriaId": "46895808-4225-42FB-BA8B-12ADFADAB4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54E7090B-6FB0-4161-8534-BD2561B1C203", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "62CA88FC-047E-4EA4-B3E9-E903DD1892CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A4A2C13-FB68-4DAD-AC0E-A90260655F33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "B574E66D-783A-48E6-A04A-16E0B1A56EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*", "matchCriteriaId": "CE973E6A-4BE5-44D7-9E66-B966377F2315", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE6412D3-E788-45F8-B4E5-4795CD88F3C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*", "matchCriteriaId": "79408E18-14BE-486A-AAD1-95A3871CCD21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*", "matchCriteriaId": "44F4ABDB-16DC-4D8F-B2D8-9724133F40BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*", "matchCriteriaId": "F8A2F388-FFE1-43BD-A9B6-D21043F86AA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "57F398CF-66B8-4BE1-8586-1DCD1FF8C3C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "9EF05089-FDC2-4D78-9949-B313A11A3FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*", "matchCriteriaId": "22602224-5873-4B62-A3B4-66B9E590B73E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:*", "matchCriteriaId": "2C301DE3-99C7-415A-9D1B-8DDD00E4E5D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "8F0298F5-CE72-4A8A-9AA9-5770BE6081F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA369D6F-7011-49CF-B0E7-D1B7A2D1B719", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*", "matchCriteriaId": "5D328123-3F80-4686-A464-574CDFF67247", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "C17D2028-25C5-4234-8723-7040DCFBEE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*", "matchCriteriaId": "EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*", "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*", "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*", "matchCriteriaId": "61E682A3-28D4-4163-B047-DAD05D404128", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de escaneo de adjuntos de email de la caracter\u00edstica Advanced Malware Protection (AMP) de Cisco AsyncOS Software para Cisco Email Security Appliances podr\u00eda permitir a un atacante remoto no autenticado provocar que el dispositivo afectado pare el escaneo y reenv\u00ede mensajes de email debido a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Productos afectados: Esta vulnerabilidad afecta a las versiones Cisco AsyncOS Software releases 9.7.1 y posteriores, previas a la primera versi\u00f3n fija, ambos dispositivos virtuales y hardware Cisco Email Security Appliances, si la caracter\u00edstica AMP est\u00e1 configurada para escanear los adjuntos de mails entrantes. M\u00e1s informaci\u00f3n: CSCuy99453. Lanzamientos conocidos afectados: 9.7.1-066. Lanzamientos conocidos solucionados: 10.0.0-125 9.7.1-207 9.7.2-047."}], "id": "CVE-2016-1486", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-28T10:59:05.197", "references": [{"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/93906"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1037124"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:* (string)

matchCriteriaId : A511EEC7-A7B4-46A0-9182-42B6FFB0E103 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:* (string)

matchCriteriaId : 2E8A45A9-0835-4F4D-99D1-4E894EE95B5E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:* (string)

matchCriteriaId : C69F7FA3-F8FD-430F-B70C-FBFC3C1A2D04 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:* (string)

matchCriteriaId : 5EFD829C-2BA8-4EA6-A846-74776A05D105 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:* (string)

matchCriteriaId : 1A831B2A-A23C-4BB4-B64C-ADD2C77D96E3 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:* (string)

matchCriteriaId : 46895808-4225-42FB-BA8B-12ADFADAB4AA (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 54E7090B-6FB0-4161-8534-BD2561B1C203 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:*:*:*:*:*:*:* (string)

matchCriteriaId : 62CA88FC-047E-4EA4-B3E9-E903DD1892CC (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6A4A2C13-FB68-4DAD-AC0E-A90260655F33 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:* (string)

matchCriteriaId : B574E66D-783A-48E6-A04A-16E0B1A56EBD (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:* (string)

matchCriteriaId : CE973E6A-4BE5-44D7-9E66-B966377F2315 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DE6412D3-E788-45F8-B4E5-4795CD88F3C9 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:* (string)

matchCriteriaId : 79408E18-14BE-486A-AAD1-95A3871CCD21 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:* (string)

matchCriteriaId : 44F4ABDB-16DC-4D8F-B2D8-9724133F40BB (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:* (string)

matchCriteriaId : F8A2F388-FFE1-43BD-A9B6-D21043F86AA2 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 57F398CF-66B8-4BE1-8586-1DCD1FF8C3C7 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EF05089-FDC2-4D78-9949-B313A11A3FF2 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:* (string)

matchCriteriaId : 22602224-5873-4B62-A3B4-66B9E590B73E (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C301DE3-99C7-415A-9D1B-8DDD00E4E5D5 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.1.1-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F0298F5-CE72-4A8A-9AA9-5770BE6081F6 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EA369D6F-7011-49CF-B0E7-D1B7A2D1B719 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 5D328123-3F80-4686-A464-574CDFF67247 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : C17D2028-25C5-4234-8723-7040DCFBEE92 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:* (string)

matchCriteriaId : EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 98D691BA-8205-4C49-851B-2FDC1F22F641 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:* (string)

matchCriteriaId : ED373FBD-1BB7-4532-946F-9DA2DF33A8D1 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A450E5F-D02B-4F4D-9844-794D6A39D923 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:* (string)

matchCriteriaId : 61E682A3-28D4-4163-B047-DAD05D404128 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en la funcionalidad de escaneo de adjuntos de email de la característica Advanced Malware Protection (AMP) de Cisco AsyncOS Software para Cisco Email Security Appliances podría permitir a un atacante remoto no autenticado provocar que el dispositivo afectado pare el escaneo y reenvíe mensajes de email debido a una condición de denegación de servicio (DoS). Productos afectados: Esta vulnerabilidad afecta a las versiones Cisco AsyncOS Software releases 9.7.1 y posteriores, previas a la primera versión fija, ambos dispositivos virtuales y hardware Cisco Email Security Appliances, si la característica AMP está configurada para escanear los adjuntos de mails entrantes. Más información: CSCuy99453. Lanzamientos conocidos afectados: 9.7.1-066. Lanzamientos conocidos solucionados: 10.0.0-125 9.7.1-207 9.7.2-047. (string)

}

]

id : CVE-2016-1486 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.8 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-10-28T10:59:05.197 (string)

references : [ »

0 : { »

source : psirt@cisco.com (string)

url : http://www.securityfocus.com/bid/93906 (string)

}

1 : { »

source : psirt@cisco.com (string)

url : http://www.securitytracker.com/id/1037124 (string)

}

2 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/93906 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1037124 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2 (string)

}

]

sourceIdentifier : psirt@cisco.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-19 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object