CVE-2016-6356 - Vulnerability Details

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Email Security Appliance

Configuration 1 [-]

OR	cpe:2.3:a:cisco:email_security_appliance:3.3.1-09:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.1.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.1.1:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.1.2:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.1.3:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.1.4:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.1.5:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.3.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.3.1:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.3.2:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.5.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.5.1:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.5.2:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.6.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.6.1-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.6.1-gpl-022:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.6.2:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.6.3-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.7.0-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.7.1-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.8.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:7.8.0-311:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.0_base:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.6.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.9.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.0.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.1.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.4.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/93907
http://www.securitytracker.com/id/1037122
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-10-28T10:00:00

Updated: 2024-08-06T01:29:19.250Z

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6356

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-10-28T10:59:06.587

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-6356

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco AsyncOS through 9.7.0-125", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AsyncOS through 9.7.0-125"}]}], "datePublic": "2016-10-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1037122", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037122"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"name": "93907", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93907"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6356", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AsyncOS through 9.7.0-125", "version": {"version_data": [{"version_value": "Cisco AsyncOS through 9.7.0-125"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "1037122", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037122"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"name": "93907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93907"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:19.250Z"}, "title": "CVE Program Container", "references": [{"name": "1037122", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037122"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"name": "93907", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93907"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6356", "datePublished": "2016-10-28T10:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:19.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:3.3.1-09:*:*:*:*:*:*:*", "matchCriteriaId": "B447F5BF-B930-412C-BB5B-76FB59F2131F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CD539F0-FB4C-43BB-B84D-8EB2D5780C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0119B5B-0DE1-40DE-B987-5BD090C46396", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9B9EA8-AC3E-46B5-9E1A-C5CDA49C2417", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3584055D-21D7-4701-A6DA-3A42037C235D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "98F65C35-8F6C-443A-8A70-507E2BECE434", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C08DF98F-D463-444A-9C99-3D9F598AD35D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B46B14-F730-4C19-B990-7A97180A6B76", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "47B559C5-4D63-4F19-B52D-71AE2D057983", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A024420-2138-45C2-A1B1-D9E6C421CC43", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B7861DE-6DC4-445E-B881-E731E78C933E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C1883A6-FD4A-4E06-AA83-C2E1035C5BE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "8209F5B3-2F65-4976-86CE-8C3F92D6D053", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:*", "matchCriteriaId": "11E2D3BA-C2EF-4178-B1EA-0E2318DAFE37", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "048157E8-DC18-47D6-8061-6D209C4B640A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "C970A35B-04DD-45A4-A739-585ACEE496AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.1-gpl-022:*:*:*:*:*:*:*", "matchCriteriaId": "FCC3BF72-7CD4-47F8-B98F-7D61802A22BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "82842FC8-6041-4FD6-AA4B-818052798F01", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.3-000:*:*:*:*:*:*:*", "matchCriteriaId": "AA18CA46-D4FA-48C8-A632-9C618C4C647C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:*", "matchCriteriaId": "CD7AD8D8-C690-47C6-8A58-8499266F9659", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.7.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "E6096CDB-3908-4E75-A9B6-285738C582B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.7.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "38B13FE0-91B3-48AC-83D5-839E9C49AF10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F11D078-2A4A-40C2-8DBA-3A9529355245", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.8.0-311:*:*:*:*:*:*:*", "matchCriteriaId": "6B9C47AD-38DA-44BE-8868-A21F93332783", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*", "matchCriteriaId": "5FABFD96-9076-4838-A775-7DA478214760", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "6D070904-FF6A-4356-A6B9-FC572CF4ADEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*", "matchCriteriaId": "0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:*", "matchCriteriaId": "A511EEC7-A7B4-46A0-9182-42B6FFB0E103", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:*", "matchCriteriaId": "2E8A45A9-0835-4F4D-99D1-4E894EE95B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*", "matchCriteriaId": "C69F7FA3-F8FD-430F-B70C-FBFC3C1A2D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:*", "matchCriteriaId": "5EFD829C-2BA8-4EA6-A846-74776A05D105", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:*", "matchCriteriaId": "1A831B2A-A23C-4BB4-B64C-ADD2C77D96E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:*", "matchCriteriaId": "46895808-4225-42FB-BA8B-12ADFADAB4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54E7090B-6FB0-4161-8534-BD2561B1C203", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "62CA88FC-047E-4EA4-B3E9-E903DD1892CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A4A2C13-FB68-4DAD-AC0E-A90260655F33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "B574E66D-783A-48E6-A04A-16E0B1A56EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*", "matchCriteriaId": "CE973E6A-4BE5-44D7-9E66-B966377F2315", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE6412D3-E788-45F8-B4E5-4795CD88F3C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*", "matchCriteriaId": "79408E18-14BE-486A-AAD1-95A3871CCD21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*", "matchCriteriaId": "44F4ABDB-16DC-4D8F-B2D8-9724133F40BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*", "matchCriteriaId": "F8A2F388-FFE1-43BD-A9B6-D21043F86AA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "57F398CF-66B8-4BE1-8586-1DCD1FF8C3C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "9EF05089-FDC2-4D78-9949-B313A11A3FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*", "matchCriteriaId": "22602224-5873-4B62-A3B4-66B9E590B73E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:*", "matchCriteriaId": "2C301DE3-99C7-415A-9D1B-8DDD00E4E5D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA369D6F-7011-49CF-B0E7-D1B7A2D1B719", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*", "matchCriteriaId": "5D328123-3F80-4686-A464-574CDFF67247", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "C17D2028-25C5-4234-8723-7040DCFBEE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*", "matchCriteriaId": "EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*", "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*", "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*", "matchCriteriaId": "61E682A3-28D4-4163-B047-DAD05D404128", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*", "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."}, {"lang": "es", "value": "Una vulnerabilidad en la caracter\u00edstica de filtrado de mensajes de email de Cisco AsyncOS Software para Cisco Email Security Appliances podr\u00eda permitir a un atacante remoto no autenticado provocar que el dispositivo afectado pare el escaneo y reenv\u00ede mensajes de email debido a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Productos afectados: Esta vulnerabilidad afecta a todas las versiones previas a la primera versi\u00f3n fija de Cisco AsyncOS Software para Cisco Email Security Appliances, ambos dispositivos virtuales y hardware, si el software est\u00e1 configurado para aplicar un filtro de mensajes o un filtro de contenido a los adjuntos de mails entrantes. La vulnerabilidad no est\u00e1 limitada a reglas o acciones espec\u00edficas del filtro de mensajes o del filtro de contenido. M\u00e1s informaci\u00f3n: CSCuz63143. Lanzamientos conocidos afectados: 8.5.7-042 9.7.0-125. Lanzamientos conocidos solucionados: 10.0.0-125 9.1.1-038 9.7.2-047."}], "id": "CVE-2016-6356", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-28T10:59:06.587", "references": [{"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/93907"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1037122"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object