Vulnerability Details CVE-2016-6416
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos
- http://www.securityfocus.com/bid/93198
- http://www.securitytracker.com/id/1036915
- http://www.securitytracker.com/id/1036916
- http://www.securitytracker.com/id/1036917
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos
- http://www.securityfocus.com/bid/93198
- http://www.securitytracker.com/id/1036915
- http://www.securitytracker.com/id/1036916
- http://www.securitytracker.com/id/1036917
Products affected by CVE-2016-6416
-
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0
-
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004
-
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031
-
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033
-
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103
-
cpe:2.3:a:cisco:content_security_management_appliance:9.5.0
-
cpe:2.3:a:cisco:content_security_management_appliance:9.6.0
-
cpe:2.3:a:cisco:email_security_appliance:9.6.0-000
-
cpe:2.3:a:cisco:email_security_appliance:9.6.0-042
-
cpe:2.3:a:cisco:email_security_appliance:9.6.0-051
-
cpe:2.3:a:cisco:email_security_appliance:9.7.1-066
-
cpe:2.3:a:cisco:email_security_appliance:9.9.6-026
-
cpe:2.3:a:cisco:email_security_appliance:9.9_base
-
cpe:2.3:a:cisco:web_security_appliance:9.0.0-162
-
cpe:2.3:a:cisco:web_security_appliance:9.1.0-000
-
cpe:2.3:a:cisco:web_security_appliance:9.1.0-070
-
cpe:2.3:a:cisco:web_security_appliance:9.1_base
-
cpe:2.3:a:cisco:web_security_appliance:9.5.0-235
-
cpe:2.3:a:cisco:web_security_appliance:9.5.0-284
-
cpe:2.3:a:cisco:web_security_appliance:9.5.0-444
-
cpe:2.3:a:cisco:web_security_appliance:9.5_base