CVE-2016-6416 - Vulnerability Details

Vendors	Products
Cisco	Content Security Management Appliance Email Security Appliance Web Security Appliance

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos
http://www.securityfocus.com/bid/93198
http://www.securitytracker.com/id/1036915
http://www.securitytracker.com/id/1036916
http://www.securitytracker.com/id/1036917

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-29T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1036915", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036915"}, {"name": "93198", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93198"}, {"name": "1036916", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036916"}, {"name": "20160928 Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos"}, {"name": "1036917", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036917"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6416", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1036915", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036915"}, {"name": "93198", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93198"}, {"name": "1036916", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036916"}, {"name": "20160928 Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos"}, {"name": "1036917", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036917"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:20.103Z"}, "title": "CVE Program Container", "references": [{"name": "1036915", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036915"}, {"name": "93198", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93198"}, {"name": "1036916", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036916"}, {"name": "20160928 Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos"}, {"name": "1036917", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036917"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6416", "datePublished": "2016-10-05T17:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:20.103Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-09-28T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-29T09:57:01 (string)

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

}

references : [ »

0 : { »

name : 1036915 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1036915 (string)

}

1 : { »

name : 93198 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/93198 (string)

}

2 : { »

name : 1036916 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1036916 (string)

}

3 : { »

name : 20160928 Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos (string)

}

4 : { »

name : 1036917 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1036917 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@cisco.com (string)

ID : CVE-2016-6416 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1036915 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1036915 (string)

}

1 : { »

name : 93198 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/93198 (string)

}

2 : { »

name : 1036916 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1036916 (string)

}

3 : { »

name : 20160928 Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability (string)

refsource : CISCO (string)

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos (string)

}

4 : { »

name : 1036917 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1036917 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T01:29:20.103Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1036915 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1036915 (string)

}

1 : { »

name : 93198 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/93198 (string)

}

2 : { »

name : 1036916 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1036916 (string)

}

3 : { »

name : 20160928 Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

2 : x_transferred (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos (string)

}

4 : { »

name : 1036917 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1036917 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

assignerShortName : cisco (string)

cveId : CVE-2016-6416 (string)

datePublished : 2016-10-05T17:00:00 (string)

dateReserved : 2016-07-26T00:00:00 (string)

dateUpdated : 2024-08-06T01:29:20.103Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "07DCBDF0-1E0D-420C-A0BA-2C4C38D13D76", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:*", "matchCriteriaId": "F40DB32E-31F8-44B2-896E-26232EA41873", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:*", "matchCriteriaId": "0B68AE1E-AD02-465E-AC86-FF23591D3882", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:*", "matchCriteriaId": "EA33E2AF-87FE-4F04-AC02-98068C81D92D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:*", "matchCriteriaId": "2F57F5AB-DA2D-49AC-8C61-DD06DF9E8E12", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B272AFD-80B1-43C3-AE0F-CBD9A9ED2581", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D122AF7B-1195-4F83-B8CC-50E22C4417C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*", "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*", "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*", "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:*:*:*:*:*:*:*", "matchCriteriaId": "F508B007-27AD-483F-B220-B62C84892617", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.9_base:*:*:*:*:*:*:*", "matchCriteriaId": "B95BBCED-65C8-4433-884B-0088B8B15E71", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:*", "matchCriteriaId": "C5BF001A-7ADB-4976-8A50-0EFC53FB6AEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "7703E48F-6AAE-42DF-91E4-7205E9A7AD1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.0-070:*:*:*:*:*:*:*", "matchCriteriaId": "8782B7BC-03C5-4866-9807-14EF9A818EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1_base:*:*:*:*:*:*:*", "matchCriteriaId": "A8677C11-CD70-4A92-9E06-7ABC4753F13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-235:*:*:*:*:*:*:*", "matchCriteriaId": "3BEBC56B-BC37-4A5C-90D9-D412B978A743", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-284:*:*:*:*:*:*:*", "matchCriteriaId": "4BA50ED3-74F8-4B13-BFA9-97EA6B43C701", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-444:*:*:*:*:*:*:*", "matchCriteriaId": "56127D49-142B-4660-9FEF-715E419E1643", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5_base:*:*:*:*:*:*:*", "matchCriteriaId": "1D0113C0-9BD3-49DD-AAA3-57BF6148D054", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065."}, {"lang": "es", "value": "El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versi\u00f3n 9.9.6-026, dispositivos Web Security Appliance (WSA) 9.0.0-162 hasta la versi\u00f3n 9.5.0-444 y dispositivos Content Security Management Appliance (SMA) permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de inundaci\u00f3n de tr\u00e1fico FTP, vulnerabilidad tambi\u00e9n conocida como Bug IDs CSCuz82907, CSCuz84330 y CSCuz86065."}], "id": "CVE-2016-6416", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-05T17:59:05.900", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos"}, {"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/93198"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1036915"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1036916"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1036917"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036917"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07DCBDF0-1E0D-420C-A0BA-2C4C38D13D76 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:* (string)

matchCriteriaId : F40DB32E-31F8-44B2-896E-26232EA41873 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B68AE1E-AD02-465E-AC86-FF23591D3882 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:* (string)

matchCriteriaId : EA33E2AF-87FE-4F04-AC02-98068C81D92D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F57F5AB-DA2D-49AC-8C61-DD06DF9E8E12 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 5B272AFD-80B1-43C3-AE0F-CBD9A9ED2581 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D122AF7B-1195-4F83-B8CC-50E22C4417C3 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 98D691BA-8205-4C49-851B-2FDC1F22F641 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:* (string)

matchCriteriaId : ED373FBD-1BB7-4532-946F-9DA2DF33A8D1 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A450E5F-D02B-4F4D-9844-794D6A39D923 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:* (string)

matchCriteriaId : 72DADB2C-D86D-44B5-B87B-289990A7D9B4 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:*:*:*:*:*:*:* (string)

matchCriteriaId : F508B007-27AD-483F-B220-B62C84892617 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:9.9_base:*:*:*:*:*:*:* (string)

matchCriteriaId : B95BBCED-65C8-4433-884B-0088B8B15E71 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:* (string)

matchCriteriaId : C5BF001A-7ADB-4976-8A50-0EFC53FB6AEC (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.1.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 7703E48F-6AAE-42DF-91E4-7205E9A7AD1D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.1.0-070:*:*:*:*:*:*:* (string)

matchCriteriaId : 8782B7BC-03C5-4866-9807-14EF9A818EB1 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.1_base:*:*:*:*:*:*:* (string)

matchCriteriaId : A8677C11-CD70-4A92-9E06-7ABC4753F13A (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.5.0-235:*:*:*:*:*:*:* (string)

matchCriteriaId : 3BEBC56B-BC37-4A5C-90D9-D412B978A743 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.5.0-284:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BA50ED3-74F8-4B13-BFA9-97EA6B43C701 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.5.0-444:*:*:*:*:*:*:* (string)

matchCriteriaId : 56127D49-142B-4660-9FEF-715E419E1643 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:9.5_base:*:*:*:*:*:*:* (string)

matchCriteriaId : 1D0113C0-9BD3-49DD-AAA3-57BF6148D054 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. (string)

}

1 : { »

lang : es (string)

value : El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance (WSA) 9.0.0-162 hasta la versión 9.5.0-444 y dispositivos Content Security Management Appliance (SMA) permite a atacantes remotos provocar una denegación de servicio a través de inundación de tráfico FTP, vulnerabilidad también conocida como Bug IDs CSCuz82907, CSCuz84330 y CSCuz86065. (string)

}

]

id : CVE-2016-6416 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 5.9 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.2 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-10-05T17:59:05.900 (string)

references : [ »

0 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos (string)

}

1 : { »

source : psirt@cisco.com (string)

url : http://www.securityfocus.com/bid/93198 (string)

}

2 : { »

source : psirt@cisco.com (string)

url : http://www.securitytracker.com/id/1036915 (string)

}

3 : { »

source : psirt@cisco.com (string)

url : http://www.securitytracker.com/id/1036916 (string)

}

4 : { »

source : psirt@cisco.com (string)

url : http://www.securitytracker.com/id/1036917 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/93198 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1036915 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1036916 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1036917 (string)

}

]

sourceIdentifier : psirt@cisco.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object