Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance Drop Bypass Vulnerability

cisco-sa-20161026-esa5 · Medium · Published · Updated

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. The vulnerability is due to improper error handling. An attacker could exploit this vulnerability by sending an email message with a corrupted attachment. A successful exploit could allow the attacker to bypass a configured drop filter. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-6357
Cisco Bug IDsCSCuz01651
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Email Security Appliance (ESA), Cisco Secure Email

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2016-6357 Cisco OpenVuln
Cisco Secure Email CVE-2016-6357 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2016-6357 Cisco OpenVuln