Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance Quarantine Email Rendering Vulnerability

cisco-sa-20161026-esa4 · Medium · Published · Updated

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. The vulnerability is due to malformed HTML script tags in quarantined email messages. An attacker could exploit this vulnerability by sending a crafted email message to the affected device. An exploit could allow the attacker to trick a user who views the MIQ email message into clicking a malicious link. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa4

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-1423
Cisco Bug IDsCSCuz02235
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco Email Security Appliance (ESA), Cisco Secure Email

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2016-1423 Cisco OpenVuln
Cisco AGS+ Routers CVE-2016-1423 Cisco OpenVuln
Cisco Secure Email CVE-2016-1423 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2016-1423 Cisco OpenVuln