Vulnerability Details CVE-2016-6357
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/93909
- http://www.securitytracker.com/id/1037114
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5
- http://www.securityfocus.com/bid/93909
- http://www.securitytracker.com/id/1037114
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5
Products affected by CVE-2016-6357
-
cpe:2.3:a:cisco:email_security_appliance:9.7.1-066
-
cpe:2.3:a:cisco:email_security_appliance:9.9.6-026