Vulnslist

find the latest Cisco vulnerabilities

Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability

cisco-sa-20160531-wsa-esa · Medium · Published · Updated

A vulnerability in the Clam AntiVirus (ClamAV) software that is used by Cisco Advance Malware Protection (AMP) for Cisco Email Security Appliances (ESAs) and Cisco Web Security Appliances (WSAs) could allow an unauthenticated, remote attacker to cause the AMP process to restart. The vulnerability is due to improper parsing of input files by the libclamav library. An attacker could exploit this vulnerability by sending a crafted document that triggers a scan from the AMP ClamAV library on an affected system. A successful exploit could allow the attacker to cause the AMP process to restart. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-1405
Cisco Bug IDsCSCuv78533, CSCuw60503
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
Product Names From Source
Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), Cisco Secure Email, Cisco Secure Web Appliance

Related Products

Product CVE Evidence
Cisco Web Security Appliance (WSA) CVE-2016-1405 Cisco OpenVuln
Cisco Secure Web Appliance CVE-2016-1405 Cisco OpenVuln
Cisco Secure Email CVE-2016-1405 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2016-1405 Cisco OpenVuln