Search criteria
175 vulnerabilities found for asyncos by cisco
CVE-2025-20393 (GCVE-0-2025-20393)
Vulnerability from nvd ā Published: 2025-12-17 16:47 ā Updated: 2025-12-18 04:55
VLAI?
Title
Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability
Summary
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
Severity ?
10 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Secure Email |
Affected:
14.0.0-698
Affected: 13.5.1-277 Affected: 13.0.0-392 Affected: 14.2.0-620 Affected: 13.0.5-007 Affected: 13.5.4-038 Affected: 14.2.1-020 Affected: 14.3.0-032 Affected: 15.0.0-104 Affected: 15.0.1-030 Affected: 15.5.0-048 Affected: 15.5.1-055 Affected: 15.5.2-018 Affected: 16.0.0-050 Affected: 15.0.3-002 Affected: 16.0.0-054 Affected: 15.5.3-022 Affected: 16.0.1-017 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20393",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T04:55:21.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Email",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14.0.0-698"
},
{
"status": "affected",
"version": "13.5.1-277"
},
{
"status": "affected",
"version": "13.0.0-392"
},
{
"status": "affected",
"version": "14.2.0-620"
},
{
"status": "affected",
"version": "13.0.5-007"
},
{
"status": "affected",
"version": "13.5.4-038"
},
{
"status": "affected",
"version": "14.2.1-020"
},
{
"status": "affected",
"version": "14.3.0-032"
},
{
"status": "affected",
"version": "15.0.0-104"
},
{
"status": "affected",
"version": "15.0.1-030"
},
{
"status": "affected",
"version": "15.5.0-048"
},
{
"status": "affected",
"version": "15.5.1-055"
},
{
"status": "affected",
"version": "15.5.2-018"
},
{
"status": "affected",
"version": "16.0.0-050"
},
{
"status": "affected",
"version": "15.0.3-002"
},
{
"status": "affected",
"version": "16.0.0-054"
},
{
"status": "affected",
"version": "15.5.3-022"
},
{
"status": "affected",
"version": "16.0.1-017"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Secure Email and Web Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "13.6.2-023"
},
{
"status": "affected",
"version": "13.6.2-078"
},
{
"status": "affected",
"version": "13.0.0-249"
},
{
"status": "affected",
"version": "13.0.0-277"
},
{
"status": "affected",
"version": "13.8.1-052"
},
{
"status": "affected",
"version": "13.8.1-068"
},
{
"status": "affected",
"version": "13.8.1-074"
},
{
"status": "affected",
"version": "14.0.0-404"
},
{
"status": "affected",
"version": "12.8.1-002"
},
{
"status": "affected",
"version": "14.1.0-227"
},
{
"status": "affected",
"version": "13.6.1-201"
},
{
"status": "affected",
"version": "14.2.0-203"
},
{
"status": "affected",
"version": "14.2.0-212"
},
{
"status": "affected",
"version": "12.8.1-021"
},
{
"status": "affected",
"version": "13.8.1-108"
},
{
"status": "affected",
"version": "14.2.0-224"
},
{
"status": "affected",
"version": "14.3.0-120"
},
{
"status": "affected",
"version": "15.0.0-334"
},
{
"status": "affected",
"version": "15.5.1-024"
},
{
"status": "affected",
"version": "15.5.1-029"
},
{
"status": "affected",
"version": "15.5.2-005"
},
{
"status": "affected",
"version": "16.0.0-195"
},
{
"status": "affected",
"version": "15.5.3-017"
},
{
"status": "affected",
"version": "16.0.1-010"
},
{
"status": "affected",
"version": "15.0.1-035"
},
{
"status": "affected",
"version": "16.0.2-088"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco is aware of a potential vulnerability.\u0026nbsp; Cisco is currently investigating and\u0026nbsp;will update these details as appropriate\u0026nbsp;as more information becomes available."
}
],
"exploits": [
{
"lang": "en",
"value": "In December 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of potentially malicious activity that targets Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T16:47:13.128Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sma-attack-N9bf4",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4"
}
],
"source": {
"advisory": "cisco-sa-sma-attack-N9bf4",
"defects": [
"CSCws36549"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20393",
"datePublished": "2025-12-17T16:47:13.128Z",
"dateReserved": "2024-10-10T19:15:13.266Z",
"dateUpdated": "2025-12-18T04:55:21.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20393 (GCVE-0-2025-20393)
Vulnerability from cvelistv5 ā Published: 2025-12-17 16:47 ā Updated: 2025-12-18 04:55
VLAI?
Title
Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability
Summary
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
Severity ?
10 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Secure Email |
Affected:
14.0.0-698
Affected: 13.5.1-277 Affected: 13.0.0-392 Affected: 14.2.0-620 Affected: 13.0.5-007 Affected: 13.5.4-038 Affected: 14.2.1-020 Affected: 14.3.0-032 Affected: 15.0.0-104 Affected: 15.0.1-030 Affected: 15.5.0-048 Affected: 15.5.1-055 Affected: 15.5.2-018 Affected: 16.0.0-050 Affected: 15.0.3-002 Affected: 16.0.0-054 Affected: 15.5.3-022 Affected: 16.0.1-017 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20393",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T04:55:21.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Email",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14.0.0-698"
},
{
"status": "affected",
"version": "13.5.1-277"
},
{
"status": "affected",
"version": "13.0.0-392"
},
{
"status": "affected",
"version": "14.2.0-620"
},
{
"status": "affected",
"version": "13.0.5-007"
},
{
"status": "affected",
"version": "13.5.4-038"
},
{
"status": "affected",
"version": "14.2.1-020"
},
{
"status": "affected",
"version": "14.3.0-032"
},
{
"status": "affected",
"version": "15.0.0-104"
},
{
"status": "affected",
"version": "15.0.1-030"
},
{
"status": "affected",
"version": "15.5.0-048"
},
{
"status": "affected",
"version": "15.5.1-055"
},
{
"status": "affected",
"version": "15.5.2-018"
},
{
"status": "affected",
"version": "16.0.0-050"
},
{
"status": "affected",
"version": "15.0.3-002"
},
{
"status": "affected",
"version": "16.0.0-054"
},
{
"status": "affected",
"version": "15.5.3-022"
},
{
"status": "affected",
"version": "16.0.1-017"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Secure Email and Web Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "13.6.2-023"
},
{
"status": "affected",
"version": "13.6.2-078"
},
{
"status": "affected",
"version": "13.0.0-249"
},
{
"status": "affected",
"version": "13.0.0-277"
},
{
"status": "affected",
"version": "13.8.1-052"
},
{
"status": "affected",
"version": "13.8.1-068"
},
{
"status": "affected",
"version": "13.8.1-074"
},
{
"status": "affected",
"version": "14.0.0-404"
},
{
"status": "affected",
"version": "12.8.1-002"
},
{
"status": "affected",
"version": "14.1.0-227"
},
{
"status": "affected",
"version": "13.6.1-201"
},
{
"status": "affected",
"version": "14.2.0-203"
},
{
"status": "affected",
"version": "14.2.0-212"
},
{
"status": "affected",
"version": "12.8.1-021"
},
{
"status": "affected",
"version": "13.8.1-108"
},
{
"status": "affected",
"version": "14.2.0-224"
},
{
"status": "affected",
"version": "14.3.0-120"
},
{
"status": "affected",
"version": "15.0.0-334"
},
{
"status": "affected",
"version": "15.5.1-024"
},
{
"status": "affected",
"version": "15.5.1-029"
},
{
"status": "affected",
"version": "15.5.2-005"
},
{
"status": "affected",
"version": "16.0.0-195"
},
{
"status": "affected",
"version": "15.5.3-017"
},
{
"status": "affected",
"version": "16.0.1-010"
},
{
"status": "affected",
"version": "15.0.1-035"
},
{
"status": "affected",
"version": "16.0.2-088"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco is aware of a potential vulnerability.\u0026nbsp; Cisco is currently investigating and\u0026nbsp;will update these details as appropriate\u0026nbsp;as more information becomes available."
}
],
"exploits": [
{
"lang": "en",
"value": "In December 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of potentially malicious activity that targets Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T16:47:13.128Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sma-attack-N9bf4",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4"
}
],
"source": {
"advisory": "cisco-sa-sma-attack-N9bf4",
"defects": [
"CSCws36549"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20393",
"datePublished": "2025-12-17T16:47:13.128Z",
"dateReserved": "2024-10-10T19:15:13.266Z",
"dateUpdated": "2025-12-18T04:55:21.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201706-0587
Vulnerability from variot - Updated: 2025-04-20 23:43A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. Vendors have confirmed this vulnerability Bug ID CSCvd34632 It is released as.A remote attacker could bypass the filters set on the device. CiscoEmailSecurityAppliance is a set of email security appliances. CiscoContentSecurityManagement is a unified email and web security management solution. An email scanning vulnerability exists in CiscoAsyncOSSoftware on CiscoEmailSecurityAppliance (ESA) devices. This vulnerability stems from incorrect authentication of emails with attachments and modified MIME headers. An unauthenticated remote attacker bypasses the configured filter. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd34632. AsyncOS Software is the operating system used in it
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0587",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.5,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.5,
"vendor": "cisco",
"version": "10.0.1-087"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.8.1-015"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.2-020"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "BID",
"id": "98969"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
},
{
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "98969"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6671",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6671",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-11578",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114874",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6671",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6671",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6671",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-11578",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-373",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114874",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "VULHUB",
"id": "VHN-114874"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
},
{
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. Vendors have confirmed this vulnerability Bug ID CSCvd34632 It is released as.A remote attacker could bypass the filters set on the device. CiscoEmailSecurityAppliance is a set of email security appliances. CiscoContentSecurityManagement is a unified email and web security management solution. An email scanning vulnerability exists in CiscoAsyncOSSoftware on CiscoEmailSecurityAppliance (ESA) devices. This vulnerability stems from incorrect authentication of emails with attachments and modified MIME headers. An unauthenticated remote attacker bypasses the configured filter. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvd34632. AsyncOS Software is the operating system used in it",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6671"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "BID",
"id": "98969"
},
{
"db": "VULHUB",
"id": "VHN-114874"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6671",
"trust": 3.4
},
{
"db": "BID",
"id": "98969",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1038635",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-11578",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "36819",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114874",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "VULHUB",
"id": "VHN-114874"
},
{
"db": "BID",
"id": "98969"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
},
{
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"id": "VAR-201706-0587",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "VULHUB",
"id": "VHN-114874"
}
],
"trust": 1.28850889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
}
]
},
"last_update_date": "2025-04-20T23:43:03.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170607-esa1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1"
},
{
"title": "CiscoEmailSecurityAppliance Attachment Filter bypasses vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/96511"
},
{
"title": "Cisco Email Security Appliance AsyncOS Software Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71486"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114874"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esa1"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98969"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038635"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6671"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6671"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36819"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "VULHUB",
"id": "VHN-114874"
},
{
"db": "BID",
"id": "98969"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
},
{
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"db": "VULHUB",
"id": "VHN-114874"
},
{
"db": "BID",
"id": "98969"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
},
{
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"date": "2017-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-114874"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "98969"
},
{
"date": "2017-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"date": "2017-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-373"
},
{
"date": "2017-06-13T06:29:01.097000",
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11578"
},
{
"date": "2017-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-114874"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "98969"
},
{
"date": "2017-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004810"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-373"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6671"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Email Security Appliance for Cisco AsyncOS Vulnerability in software that bypasses filters configured on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-373"
}
],
"trust": 0.6
}
}
VAR-201701-0726
Vulnerability from variot - Updated: 2025-04-20 23:38A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087. The CiscoAsyncOSonEmailSecurityAppliance(ESA)device is a set of operating systems running on an Email Security Appliance (ESA) from Cisco. A remote security bypass vulnerability exists in CiscoEmailSecurityApplianceforAsyncOS. The attacker exploited the vulnerability to bypass security restrictions and perform unauthorized actions and launch further attacks. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz16076
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0726",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.1-hp2-207"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.8.5-085"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.7.1-hp2-207"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.8.5-085"
},
{
"model": "email security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "BID",
"id": "95637"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
},
{
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "95637"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3800",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3800",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01034",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-112003",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3800",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3800",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3800",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01034",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-779",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112003",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "VULHUB",
"id": "VHN-112003"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
},
{
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087. The CiscoAsyncOSonEmailSecurityAppliance(ESA)device is a set of operating systems running on an Email Security Appliance (ESA) from Cisco. A remote security bypass vulnerability exists in CiscoEmailSecurityApplianceforAsyncOS. The attacker exploited the vulnerability to bypass security restrictions and perform unauthorized actions and launch further attacks. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuz16076 ",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3800"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "BID",
"id": "95637"
},
{
"db": "VULHUB",
"id": "VHN-112003"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3800",
"trust": 3.4
},
{
"db": "BID",
"id": "95637",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037656",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01034",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112003",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "VULHUB",
"id": "VHN-112003"
},
{
"db": "BID",
"id": "95637"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
},
{
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"id": "VAR-201701-0726",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "VULHUB",
"id": "VHN-112003"
}
],
"trust": 1.13892258
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
}
]
},
"last_update_date": "2025-04-20T23:38:37.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170118-esa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa"
},
{
"title": "CiscoEmailSecurityApplianceforAsyncOS Remote Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88717"
},
{
"title": "Cisco Email Security Appliance for AsyncOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67338"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112003"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/95637"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-esa"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037656"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3800"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3800"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "VULHUB",
"id": "VHN-112003"
},
{
"db": "BID",
"id": "95637"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
},
{
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"db": "VULHUB",
"id": "VHN-112003"
},
{
"db": "BID",
"id": "95637"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
},
{
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"date": "2017-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-112003"
},
{
"date": "2017-01-18T00:00:00",
"db": "BID",
"id": "95637"
},
{
"date": "2017-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"date": "2017-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-779"
},
{
"date": "2017-01-26T07:59:00.513000",
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01034"
},
{
"date": "2017-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-112003"
},
{
"date": "2017-01-23T02:11:00",
"db": "BID",
"id": "95637"
},
{
"date": "2017-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001386"
},
{
"date": "2017-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-779"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security For appliance AsyncOS Vulnerability in software content scanning engine that bypasses configured message or content filtering",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001386"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-779"
}
],
"trust": 0.6
}
}
VAR-201702-0792
Vulnerability from variot - Updated: 2025-04-20 23:32A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233. Vendors have confirmed this vulnerability Bug ID SCvb91473 and CSCvc76500 It is released as.A remote attacker may be able to bypass user filters configured on the device. Cisco AsyncOS is a set of operating systems used in these products. A remote security bypass vulnerability exists in CiscoAsyncOSforEmail and WebSecurityAppliances. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized actions, resulting in further attacks. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvb91473. The title and technical details have been changed to better reflect the vulnerability impact. The Multipurpose Internet Mail Extensions (MIME) scanner is one of those email scanners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0792",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.5,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "9.9.9-894"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-232"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-124"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-124"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-232"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-125"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-125"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-082"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.0.0-082"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.6-026"
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.0.0-233"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.2-148"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.0-035"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.2-020"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.1-103"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "BID",
"id": "96239"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
},
{
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "96239"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3827",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01890",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-112030",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3827",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3827",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3827",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01890",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-660",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112030",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "VULHUB",
"id": "VHN-112030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
},
{
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233. Vendors have confirmed this vulnerability Bug ID SCvb91473 and CSCvc76500 It is released as.A remote attacker may be able to bypass user filters configured on the device. Cisco AsyncOS is a set of operating systems used in these products. A remote security bypass vulnerability exists in CiscoAsyncOSforEmail and WebSecurityAppliances. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized actions, resulting in further attacks. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvb91473. The title and technical details have been changed to better reflect the vulnerability impact. The Multipurpose Internet Mail Extensions (MIME) scanner is one of those email scanners",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3827"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "BID",
"id": "96239"
},
{
"db": "VULHUB",
"id": "VHN-112030"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3827",
"trust": 3.4
},
{
"db": "BID",
"id": "96239",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037831",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1037832",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01890",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112030",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "VULHUB",
"id": "VHN-112030"
},
{
"db": "BID",
"id": "96239"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
},
{
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"id": "VAR-201702-0792",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "VULHUB",
"id": "VHN-112030"
}
],
"trust": 1.2453611533333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
}
]
},
"last_update_date": "2025-04-20T23:32:16.123000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170215-asyncos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos"
},
{
"title": "CiscoAsyncOSforEmail and WebSecurityAppliances Remote Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89710"
},
{
"title": "Cisco AsyncOS Software for Cisco ESA and Cisco WSA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68171"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96239"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170215-asyncos"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037831"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037832"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3827"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3827"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "VULHUB",
"id": "VHN-112030"
},
{
"db": "BID",
"id": "96239"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
},
{
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"db": "VULHUB",
"id": "VHN-112030"
},
{
"db": "BID",
"id": "96239"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
},
{
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"date": "2017-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-112030"
},
{
"date": "2017-02-15T00:00:00",
"db": "BID",
"id": "96239"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"date": "2017-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-660"
},
{
"date": "2017-02-22T02:59:00.230000",
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01890"
},
{
"date": "2017-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-112030"
},
{
"date": "2017-05-23T16:26:00",
"db": "BID",
"id": "96239"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001728"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-660"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ESA and WSA of AsyncOS Software MIME Vulnerability in the scanner that bypasses the user filter set on the device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-660"
}
],
"trust": 0.6
}
}
VAR-201711-0348
Vulnerability from variot - Updated: 2025-04-20 23:32A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666. Cisco AsyncOS The software contains vulnerabilities related to security functions. Vendors have confirmed this vulnerability Bug ID CSCvf44666 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. AsyncOS Software is the operating system used in it. Multipurpose Internet Mail Extensions (MIME) scanner is one of the multipurpose mail extension scanners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asyncos",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "102002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1213"
},
{
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mai Ngoc Duong.",
"sources": [
{
"db": "BID",
"id": "102002"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12353",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12353",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-102867",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12353",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12353",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12353",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102867",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102867"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1213"
},
{
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666. Cisco AsyncOS The software contains vulnerabilities related to security functions. Vendors have confirmed this vulnerability Bug ID CSCvf44666 It is released as.Information may be tampered with. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. AsyncOS Software is the operating system used in it. Multipurpose Internet Mail Extensions (MIME) scanner is one of the multipurpose mail extension scanners",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12353"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"db": "BID",
"id": "102002"
},
{
"db": "VULHUB",
"id": "VHN-102867"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12353",
"trust": 2.8
},
{
"db": "BID",
"id": "102002",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039917",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1213",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102867",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102867"
},
{
"db": "BID",
"id": "102002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1213"
},
{
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"id": "VAR-201711-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102867"
}
],
"trust": 0.53892258
},
"last_update_date": "2025-04-20T23:32:02.731000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20171129-esa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102867"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-esa"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102002"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039917"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12353"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12353"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102867"
},
{
"db": "BID",
"id": "102002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1213"
},
{
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102867"
},
{
"db": "BID",
"id": "102002"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1213"
},
{
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-102867"
},
{
"date": "2017-11-29T00:00:00",
"db": "BID",
"id": "102002"
},
{
"date": "2017-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"date": "2017-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1213"
},
{
"date": "2017-11-30T09:29:01.073000",
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102867"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "102002"
},
{
"date": "2017-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010454"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1213"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12353"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1213"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS Vulnerabilities related to security functions in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010454"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1213"
}
],
"trust": 0.6
}
}
VAR-201709-0681
Vulnerability from variot - Updated: 2025-04-20 23:30A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. Vendors have confirmed this vulnerability Bug ID CSCuz81533 It is released as.Information may be tampered with. AsyncOSSoftware is the operating system used in it. AdvancedMalwareProtection (AMP) is one of the advanced malware protection components. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0681",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "8.5.5-280"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "10.0.0-082"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.0-264"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "BID",
"id": "100681"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
},
{
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "100681"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12218",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-32477",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-102718",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12218",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12218",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12218",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-32477",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-229",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102718",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "VULHUB",
"id": "VHN-102718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
},
{
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. Vendors have confirmed this vulnerability Bug ID CSCuz81533 It is released as.Information may be tampered with. AsyncOSSoftware is the operating system used in it. AdvancedMalwareProtection (AMP) is one of the advanced malware protection components. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12218"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "BID",
"id": "100681"
},
{
"db": "VULHUB",
"id": "VHN-102718"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12218",
"trust": 3.4
},
{
"db": "BID",
"id": "100681",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1039288",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-229",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-32477",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-102718",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "VULHUB",
"id": "VHN-102718"
},
{
"db": "BID",
"id": "100681"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
},
{
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"id": "VAR-201709-0681",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "VULHUB",
"id": "VHN-102718"
}
],
"trust": 1.28850889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
}
]
},
"last_update_date": "2025-04-20T23:30:52.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170906-esa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa"
},
{
"title": "CiscoAsyncOSSoftware Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/104403"
},
{
"title": "Cisco Email Security Appliances Advanced Malware Protection Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74583"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/100681"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-esa"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039288"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12218"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12218"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "VULHUB",
"id": "VHN-102718"
},
{
"db": "BID",
"id": "100681"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
},
{
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"db": "VULHUB",
"id": "VHN-102718"
},
{
"db": "BID",
"id": "100681"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
},
{
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"date": "2017-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-102718"
},
{
"date": "2017-09-06T00:00:00",
"db": "BID",
"id": "100681"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"date": "2017-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-229"
},
{
"date": "2017-09-07T21:29:00.410000",
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32477"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102718"
},
{
"date": "2017-09-06T00:00:00",
"db": "BID",
"id": "100681"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007984"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-229"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12218"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Email Security Appliance for AsyncOS Software input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007984"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-229"
}
],
"trust": 0.6
}
}
VAR-201709-0678
Vulnerability from variot - Updated: 2025-04-20 23:29A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354. Vendors have confirmed this vulnerability Bug ID CSCvd29354 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. AsyncOS Software is the operating system used in it. The following releases are affected: Cisco AsyncOS Software Release 9.0, Release 9.1, Release 9.6, Release 9.7, Release 9.8, Release 10.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7"
},
{
"_id": null,
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5"
},
{
"_id": null,
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1"
},
{
"_id": null,
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.2"
},
{
"_id": null,
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6"
},
{
"_id": null,
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.8"
},
{
"_id": null,
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0"
},
{
"_id": null,
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ironport messaging gateway appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x10709.7.2-065"
},
{
"_id": null,
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.2-065"
},
{
"_id": null,
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"_id": null,
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.1-087"
},
{
"_id": null,
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"_id": null,
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.8.1-015"
},
{
"_id": null,
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.0-264"
},
{
"_id": null,
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.2-020"
}
],
"sources": [
{
"db": "BID",
"id": "100920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
}
]
},
"credits": {
"_id": null,
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "100920"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12215",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12215",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-102715",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2017-12215",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12215",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12215",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102715",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-12215",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
}
]
},
"description": {
"_id": null,
"data": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354. Vendors have confirmed this vulnerability Bug ID CSCvd29354 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. AsyncOS Software is the operating system used in it. The following releases are affected: Cisco AsyncOS Software Release 9.0, Release 9.1, Release 9.6, Release 9.7, Release 9.8, Release 10.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12215"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "BID",
"id": "100920"
},
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-12215",
"trust": 2.9
},
{
"db": "BID",
"id": "100920",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1039414",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102715",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12215",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "BID",
"id": "100920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
}
]
},
"id": "VAR-201709-0678",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
}
],
"trust": 0.6885088899999999
},
"last_update_date": "2025-04-20T23:29:34.261000Z",
"patch": {
"_id": null,
"data": [
{
"title": "cisco-sa-20170920-esa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa"
},
{
"title": "Cisco Email Security Appliance AsyncOS Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75053"
},
{
"title": "Cisco: Cisco Email Security Appliance Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170920-esa"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-esa"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/100920"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1039414"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12215"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12215"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102715"
},
{
"db": "VULMON",
"id": "CVE-2017-12215"
},
{
"db": "BID",
"id": "100920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
},
{
"db": "NVD",
"id": "CVE-2017-12215"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-102715",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-12215",
"ident": null
},
{
"db": "BID",
"id": "100920",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008414",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1039",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-12215",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-102715",
"ident": null
},
{
"date": "2017-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12215",
"ident": null
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100920",
"ident": null
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008414",
"ident": null
},
{
"date": "2017-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1039",
"ident": null
},
{
"date": "2017-09-21T05:29:00.277000",
"db": "NVD",
"id": "CVE-2017-12215",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102715",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12215",
"ident": null
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100920",
"ident": null
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008414",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1039",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12215",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Cisco Email Security Appliance for AsyncOS Software input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008414"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1039"
}
],
"trust": 0.6
}
}
VAR-201711-0364
Vulnerability from variot - Updated: 2025-04-20 23:12A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. Cisco Web Security Appliance AsyncOS There is a security check vulnerability in the software. Vendors have confirmed this vulnerability Bug ID CSCvf52943 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. Cisco AsyncOS Software is an operating system that runs on it
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0364",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1.1-235"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1.1-234"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.1-235"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1.1-234"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "advanced malware protection",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "101932"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
},
{
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "101932"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12303",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12303",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-102812",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12303",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12303",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12303",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-676",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102812",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102812"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
},
{
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. Cisco Web Security Appliance AsyncOS There is a security check vulnerability in the software. Vendors have confirmed this vulnerability Bug ID CSCvf52943 It is released as.Information may be tampered with. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. Cisco AsyncOS Software is an operating system that runs on it",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "BID",
"id": "101932"
},
{
"db": "VULHUB",
"id": "VHN-102812"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12303",
"trust": 2.8
},
{
"db": "BID",
"id": "101932",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039828",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-676",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102812",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102812"
},
{
"db": "BID",
"id": "101932"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
},
{
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"id": "VAR-201711-0364",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102812"
}
],
"trust": 0.69858044
},
"last_update_date": "2025-04-20T23:12:45.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20171115-wsa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa"
},
{
"title": "Cisco Web Security Appliance Cisco AsyncOS Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76500"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-358",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102812"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171115-wsa"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101932"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039828"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12303"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12303"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102812"
},
{
"db": "BID",
"id": "101932"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
},
{
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102812"
},
{
"db": "BID",
"id": "101932"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
},
{
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-102812"
},
{
"date": "2017-11-15T00:00:00",
"db": "BID",
"id": "101932"
},
{
"date": "2017-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-676"
},
{
"date": "2017-11-16T07:29:00.430000",
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102812"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101932"
},
{
"date": "2017-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010469"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-676"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12303"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Appliance AsyncOS Vulnerabilities related to security checks in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-676"
}
],
"trust": 0.6
}
}
VAR-201502-0152
Vulnerability from variot - Updated: 2025-04-13 23:42The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. Vendors have confirmed this vulnerability CSCur44412 , CSCur44415 , CSCur89630 , CSCur89636 , CSCur89633 ,and CSCur89639 It is released as.Skillfully crafted by a third party HTTP A redirect may be triggered via the header. Cisco AsyncOS is a set of operating systems used in these products. Cisco AsyncOS Software is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID's CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. The following products are affected: ESA, Content SMA, WSA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.2,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "asyncos 8.5"
},
{
"model": "e email security the appliance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "(asyncos 8.5 )"
},
{
"model": "web security the appliance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "(asyncos 8.5 )"
},
{
"model": "content security management appliance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "(asyncos 8.3 )"
},
{
"model": "content security management appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:content_security_management_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Glafkos Charalambous",
"sources": [
{
"db": "BID",
"id": "72702"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0624",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-0624",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01347",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-78570",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0624",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0624",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-01347",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-379",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78570",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. Vendors have confirmed this vulnerability CSCur44412 , CSCur44415 , CSCur89630 , CSCur89636 , CSCur89633 ,and CSCur89639 It is released as.Skillfully crafted by a third party HTTP A redirect may be triggered via the header. Cisco AsyncOS is a set of operating systems used in these products. Cisco AsyncOS Software is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker can leverage this issue to conduct phishing attacks; other attacks are possible. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. The following products are affected: ESA, Content SMA, WSA",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-78570",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78570"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0624",
"trust": 3.5
},
{
"db": "BID",
"id": "72702",
"trust": 1.5
},
{
"db": "PACKETSTORM",
"id": "130525",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1031781",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1031782",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01347",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78570",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0624",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"id": "VAR-201502-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
}
],
"trust": 1.14899413
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
}
]
},
"last_update_date": "2025-04-13T23:42:05.025000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco AsyncOS Software HTTP Redirect Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624"
},
{
"title": "37544",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37544"
},
{
"title": "Cisco AsyncOS Web Framework Input Patch for Validation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/55644"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0624"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/72702"
},
{
"trust": 1.3,
"url": "http://packetstormsecurity.com/files/130525/cisco-ironport-asyncos-http-header-injection.html"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1031781"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1031782"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0624"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0624"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"date": "2015-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-78570"
},
{
"date": "2015-02-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"date": "2015-02-20T00:00:00",
"db": "BID",
"id": "72702"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-379"
},
{
"date": "2015-02-21T11:59:02.920000",
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-78570"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"date": "2015-03-08T16:02:00",
"db": "BID",
"id": "72702"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-379"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS Web Framework Input Validation Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
],
"trust": 0.6
}
}
VAR-201610-0317
Vulnerability from variot - Updated: 2025-04-13 23:41A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Vendors have confirmed this vulnerability Bug CSCuz01651 It is released as. Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. Cisco AsyncOS has a security bypass vulnerability that allows an attacker to exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz01651. The appliance offers spam protection, email encryption, data loss prevention, and more. The following releases are affected: Cisco ESA 10.0.9-015, 9.7.1-066, 9.9.6-026
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0317",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.9.6-026"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.9.6-026"
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "BID",
"id": "93909"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
},
{
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93909"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6357",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6357",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10396",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-95177",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6357",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6357",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6357",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-750",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95177",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "VULHUB",
"id": "VHN-95177"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
},
{
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Vendors have confirmed this vulnerability Bug CSCuz01651 It is released as. Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. Cisco AsyncOS has a security bypass vulnerability that allows an attacker to exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuz01651. The appliance offers spam protection, email encryption, data loss prevention, and more. The following releases are affected: Cisco ESA 10.0.9-015, 9.7.1-066, 9.9.6-026",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6357"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "BID",
"id": "93909"
},
{
"db": "VULHUB",
"id": "VHN-95177"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6357",
"trust": 3.4
},
{
"db": "BID",
"id": "93909",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037114",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10396",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95177",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "VULHUB",
"id": "VHN-95177"
},
{
"db": "BID",
"id": "93909"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
},
{
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"id": "VAR-201610-0317",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "VULHUB",
"id": "VHN-95177"
}
],
"trust": 1.28850889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
}
]
},
"last_update_date": "2025-04-13T23:41:16.839000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esa5",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
},
{
"title": "Patch for CiscoAsyncOS Security Bypass Vulnerability (CNVD-2016-10396)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83245"
},
{
"title": "Cisco Email Security Appliance Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-388",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95177"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93909"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esa5"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037114"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6357"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6357"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "VULHUB",
"id": "VHN-95177"
},
{
"db": "BID",
"id": "93909"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
},
{
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"db": "VULHUB",
"id": "VHN-95177"
},
{
"db": "BID",
"id": "93909"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
},
{
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95177"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93909"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-750"
},
{
"date": "2016-10-28T10:59:07.917000",
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10396"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95177"
},
{
"date": "2016-11-24T11:03:00",
"db": "BID",
"id": "93909"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005649"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-750"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security Runs on the appliance AsyncOS Vulnerabilities in which filter drop settings can be bypassed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005649"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-750"
}
],
"trust": 0.6
}
}
VAR-201610-0318
Vulnerability from variot - Updated: 2025-04-13 23:39A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuy54740 and CSCuy75174 It is released as.A third party could bypass the filtering function. Cisco AsyncOS for Email and Web Security Appliances are products of Cisco. CiscoAsyncOSforEmailSecurityAppliances is a set of operating systems used by Cisco Systems in the E-mail Security Appliance (ESA). Cisco Web Security Appliance (WSA) is a network security appliance. A remote security bypass vulnerability exists in CiscoAsyncOSforEmail and WebSecurityAppliances. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks This issue is tracked by Cisco Bug IDs CSCuy54740 and CSCuy75174
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.7"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.7.5-835"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-106"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.9.1-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-235"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.4-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.1-021"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-444"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.1-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5_base"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-101"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.0-623"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-078"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-hp2-303"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-608"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-er1-198"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-284"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.3-055"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-051"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "web security appliance 8.0.5",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "hot_patch_1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-825"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-027"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.7-142"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.6-026"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.8-mr-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.2-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-070"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-119"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-052"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.8.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-024"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.1-023"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-193"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.0-000"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93911"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6372",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6372",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10403",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-95192",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6372",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6372",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6372",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10403",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-748",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95192",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuy54740 and CSCuy75174 It is released as.A third party could bypass the filtering function. Cisco AsyncOS for Email and Web Security Appliances are products of Cisco. CiscoAsyncOSforEmailSecurityAppliances is a set of operating systems used by Cisco Systems in the E-mail Security Appliance (ESA). Cisco Web Security Appliance (WSA) is a network security appliance. A remote security bypass vulnerability exists in CiscoAsyncOSforEmail and WebSecurityAppliances. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks\nThis issue is tracked by Cisco Bug IDs CSCuy54740 and CSCuy75174",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "VULHUB",
"id": "VHN-95192"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6372",
"trust": 3.4
},
{
"db": "BID",
"id": "93911",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037118",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1037119",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10403",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95192",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"id": "VAR-201610-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
}
],
"trust": 1.2453611533333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
}
]
},
"last_update_date": "2025-04-13T23:39:30.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esawsa2",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2"
},
{
"title": "CiscoAsyncOSforEmail and WebSecurityAppliances Remote Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83295"
},
{
"title": "Cisco AsyncOS for Cisco Email Security Appliances and Web Security Appliances Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65157"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93911"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esawsa2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037118"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037119"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6372"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6372"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "VULHUB",
"id": "VHN-95192"
},
{
"db": "BID",
"id": "93911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
},
{
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95192"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93911"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-748"
},
{
"date": "2016-10-28T10:59:11.387000",
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95192"
},
{
"date": "2016-11-24T01:10:00",
"db": "BID",
"id": "93911"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005652"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-748"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6372"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS for Email and Web Security Appliances Remote Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10403"
},
{
"db": "BID",
"id": "93911"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-748"
}
],
"trust": 0.6
}
}
VAR-201511-0004
Vulnerability from variot - Updated: 2025-04-13 23:37Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. Vendors have confirmed this vulnerability Bug ID CSCus79774 , CSCus79777 ,and CSCzv95795 It is released as.A large amount by a third party TCP Service disruption via packets ( Memory consumption ) There is a possibility of being put into a state. The Cisco AsyncOS operating system enhances the security and performance of Cisco Email Security appliances. A security vulnerability exists in the Cisco AsyncOS f network stack. An attacker can exploit this issue to cause a denial-of-service condition. This issue is tracked by Cisco Bug IDs CSCus79774, CSCus79777, and CSCzv95795. The following releases are affected: Cisco AsyncOS on Cisco ESA appliances prior to 8.5.7-042, 9.x prior to 9.1.0-032, 9.1.x prior to 9.1.1-023, and 9.5 prior to 9.6.0-042. x and 9.6.x releases; Cisco AsyncOS releases prior to 9.1.0-032 on Content SMA appliances, 9.1.1 releases prior to 9.1.1-005, and 9.5.x releases prior to 9.5.0-025; Cisco AsyncOS releases on WSA appliances AsyncOS versions prior to 7.7.0-725 and versions 8.x prior to 8.0.8-113
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1.2-000"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.3.6-014"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.3.0-350"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0-073"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-004"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2.0-238"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1.0-001"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.4.0-150"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.9.2-116"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.3.5-061"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.1.1-033"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.4-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.8.1-001"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.1-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-825"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.0-623"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.2-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.8.0-311"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.8.0-328"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.9.0-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.3-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-052"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.1-031"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-011"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3.7-010"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.1-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.0-000"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.5.x (sma)"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.x (wsa)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.1-005"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.1 (sma)"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.6.x (esa)"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "(wsa)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.7.0-725"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(sma)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "(sma)"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.x (esa)"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(esa)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.5.x (esa)"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.x (esa)"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "(esa)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.1-023"
},
{
"model": "web security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(wsa)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.5.0-025"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0.8-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.5.x"
},
{
"model": "email security appliance",
"scope": "lt",
"trust": 0.6,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.x(\u003c9.1.0-032)"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.1.x(\u003c9.1.1-023)"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.6.x(\u003c9.6.0-042)"
},
{
"model": "content security management appliance",
"scope": "lt",
"trust": 0.6,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.1.1(\u003c9.1.1-005)"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.5.x(\u003c9.5.0-025)"
},
{
"model": "web security appliance",
"scope": "lt",
"trust": 0.6,
"vendor": "cisco",
"version": "7.7.0-725"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.x(\u003c8.0.8-113)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.8-113"
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7.0-725"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "content security management appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.0-025"
},
{
"model": "content security management appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1-005"
},
{
"model": "content security management appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.0-032"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "BID",
"id": "77434"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
},
{
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:content_security_management_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "77434"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6321",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6321",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07404",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84282",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6321",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6321",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07404",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-102",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84282",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "VULHUB",
"id": "VHN-84282"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
},
{
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. Vendors have confirmed this vulnerability Bug ID CSCus79774 , CSCus79777 ,and CSCzv95795 It is released as.A large amount by a third party TCP Service disruption via packets ( Memory consumption ) There is a possibility of being put into a state. The Cisco AsyncOS operating system enhances the security and performance of Cisco Email Security appliances. A security vulnerability exists in the Cisco AsyncOS f network stack. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is tracked by Cisco Bug IDs CSCus79774, CSCus79777, and CSCzv95795. The following releases are affected: Cisco AsyncOS on Cisco ESA appliances prior to 8.5.7-042, 9.x prior to 9.1.0-032, 9.1.x prior to 9.1.1-023, and 9.5 prior to 9.6.0-042. x and 9.6.x releases; Cisco AsyncOS releases prior to 9.1.0-032 on Content SMA appliances, 9.1.1 releases prior to 9.1.1-005, and 9.5.x releases prior to 9.5.0-025; Cisco AsyncOS releases on WSA appliances AsyncOS versions prior to 7.7.0-725 and versions 8.x prior to 8.0.8-113",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6321"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "BID",
"id": "77434"
},
{
"db": "VULHUB",
"id": "VHN-84282"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6321",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034060",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034061",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-102",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07404",
"trust": 0.6
},
{
"db": "BID",
"id": "77434",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84282",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "VULHUB",
"id": "VHN-84282"
},
{
"db": "BID",
"id": "77434"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
},
{
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"id": "VAR-201511-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "VULHUB",
"id": "VHN-84282"
}
],
"trust": 1.14899413
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
}
]
},
"last_update_date": "2025-04-13T23:37:31.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151104-aos",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos"
},
{
"title": "Patch for Cisco AsyncOS Denial of Service Vulnerability (CNVD-2015-07404)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66476"
},
{
"title": "Cisco AsyncOS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58598"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84282"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-aos"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034060"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034061"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6321"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6321"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "VULHUB",
"id": "VHN-84282"
},
{
"db": "BID",
"id": "77434"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
},
{
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"db": "VULHUB",
"id": "VHN-84282"
},
{
"db": "BID",
"id": "77434"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
},
{
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"date": "2015-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84282"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77434"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-102"
},
{
"date": "2015-11-06T03:59:03.433000",
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07404"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84282"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77434"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005770"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-102"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6321"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Security Runs on the appliance AsyncOS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005770"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-102"
}
],
"trust": 0.6
}
}
VAR-201511-0006
Vulnerability from variot - Updated: 2025-04-13 23:37Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151. The Cisco AsyncOS operating system enhances the security and performance of Cisco Email Security appliances. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuv47151. The vulnerability is caused by the fact that the program does not perform body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filters. Correctly handle malformed fields. The following releases are affected: Cisco AsyncOS releases prior to 8.5.7-043, releases 9.x prior to 9.1.1-023, releases 9.5.x and releases 9.6.x prior to 9.6.0-046
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-052"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0_base"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5_base"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-106"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.5.x"
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.1-023"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.6.0-046"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.6.x"
},
{
"model": "email security appliance",
"scope": "lt",
"trust": 0.6,
"vendor": "cisco",
"version": "8.5.7-043"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.x(\u003c9.1.1-023)"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.5.x"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.6.x(\u003c9.6.0-046)"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.2"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.1"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.0-046"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1-023"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.7-043"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "BID",
"id": "77436"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
},
{
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "77436"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6291",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07403",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84252",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6291",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6291",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07403",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84252",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "VULHUB",
"id": "VHN-84252"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
},
{
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151. The Cisco AsyncOS operating system enhances the security and performance of Cisco Email Security appliances. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCuv47151. The vulnerability is caused by the fact that the program does not perform body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filters. Correctly handle malformed fields. The following releases are affected: Cisco AsyncOS releases prior to 8.5.7-043, releases 9.x prior to 9.1.1-023, releases 9.5.x and releases 9.6.x prior to 9.6.0-046",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "BID",
"id": "77436"
},
{
"db": "VULHUB",
"id": "VHN-84252"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6291",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034064",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-100",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07403",
"trust": 0.6
},
{
"db": "BID",
"id": "77436",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84252",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "VULHUB",
"id": "VHN-84252"
},
{
"db": "BID",
"id": "77436"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
},
{
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"id": "VAR-201511-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "VULHUB",
"id": "VHN-84252"
}
],
"trust": 1.13892258
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
}
]
},
"last_update_date": "2025-04-13T23:37:31.033000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151104-esa2",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2"
},
{
"title": "Patch for Cisco AsyncOS Denial of Service Vulnerability (CNVD-2015-07403)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66475"
},
{
"title": "Cisco Email Security Appliance AsyncOS Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58596"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84252"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-esa2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034064"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6291"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6291"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-wsa2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "VULHUB",
"id": "VHN-84252"
},
{
"db": "BID",
"id": "77436"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
},
{
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"db": "VULHUB",
"id": "VHN-84252"
},
{
"db": "BID",
"id": "77436"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
},
{
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"date": "2015-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84252"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77436"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-100"
},
{
"date": "2015-11-06T03:59:00.090000",
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07403"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84252"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77436"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005765"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-100"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security Runs on the appliance device AsyncOS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005765"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-100"
}
],
"trust": 0.6
}
}
VAR-201511-0008
Vulnerability from variot - Updated: 2025-04-13 23:37Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. Vendors have confirmed this vulnerability Bug ID CSCur39155 It is released as.Multiple third parties file-range Service disruption via request ( Memory consumption ) There is a possibility of being put into a state. The Cisco AsyncOS operating system enhances the security and performance of Cisco Email Security appliances. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCur39155 and CSCuu29304. The following releases are affected: Cisco AsyncOS 8.x prior to 8.0.8-113, 8.1.x and 8.5.x prior to 8.5.3-051, 8.6.x and 8.7.x prior to 8.7.0-171-LD Version, 8.8.x version before 8.8.0-085
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.8-mr-113"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.6-078"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.2-024"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.7-142"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.3-051"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7.0-171-ld"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.1.x"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.8.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.6.x"
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0.8-113"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.x(\u003c8.0.8-113)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.1.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.5.x(\u003c8.5.3-051)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.6.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.7.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.8.x(\u003c8.8.0-085)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "asyncos 8.7.0-171-ld",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.3-051"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.8-113"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "BID",
"id": "77438"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
},
{
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "77438"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6293",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07405",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84254",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6293",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6293",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07405",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-101",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84254",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-6293",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "VULHUB",
"id": "VHN-84254"
},
{
"db": "VULMON",
"id": "CVE-2015-6293"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
},
{
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. Vendors have confirmed this vulnerability Bug ID CSCur39155 It is released as.Multiple third parties file-range Service disruption via request ( Memory consumption ) There is a possibility of being put into a state. The Cisco AsyncOS operating system enhances the security and performance of Cisco Email Security appliances. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug IDs CSCur39155 and CSCuu29304. The following releases are affected: Cisco AsyncOS 8.x prior to 8.0.8-113, 8.1.x and 8.5.x prior to 8.5.3-051, 8.6.x and 8.7.x prior to 8.7.0-171-LD Version, 8.8.x version before 8.8.0-085",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6293"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "BID",
"id": "77438"
},
{
"db": "VULHUB",
"id": "VHN-84254"
},
{
"db": "VULMON",
"id": "CVE-2015-6293"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6293",
"trust": 3.5
},
{
"db": "SECTRACK",
"id": "1034063",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-101",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07405",
"trust": 0.6
},
{
"db": "BID",
"id": "77438",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84254",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6293",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "VULHUB",
"id": "VHN-84254"
},
{
"db": "VULMON",
"id": "CVE-2015-6293"
},
{
"db": "BID",
"id": "77438"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
},
{
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"id": "VAR-201511-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "VULHUB",
"id": "VHN-84254"
}
],
"trust": 1.1590656799999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
}
]
},
"last_update_date": "2025-04-13T23:37:30.995000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151104-wsa2",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2"
},
{
"title": "Patch for Cisco AsyncOS Denial of Service Vulnerability (CNVD-2015-07405)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66477"
},
{
"title": "Cisco Web Security Appliance AsyncOS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58597"
},
{
"title": "Cisco: Cisco Web Security Appliance Range Request Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151104-wsa2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "VULMON",
"id": "CVE-2015-6293"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-wsa2"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1034063"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6293"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6293"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "VULHUB",
"id": "VHN-84254"
},
{
"db": "VULMON",
"id": "CVE-2015-6293"
},
{
"db": "BID",
"id": "77438"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
},
{
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"db": "VULHUB",
"id": "VHN-84254"
},
{
"db": "VULMON",
"id": "CVE-2015-6293"
},
{
"db": "BID",
"id": "77438"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
},
{
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"date": "2015-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84254"
},
{
"date": "2015-11-06T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6293"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77438"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-101"
},
{
"date": "2015-11-06T03:59:02.497000",
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07405"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84254"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6293"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77438"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005767"
},
{
"date": "2015-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-101"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6293"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Runs on the appliance device AsyncOS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005767"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-101"
}
],
"trust": 0.6
}
}
VAR-201403-0465
Vulnerability from variot - Updated: 2025-04-13 23:36The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118. The Cisco IronPort family of products is a widely used mail encryption gateway, and AsyncOS is the operating system used by the product. Cisco AsyncOS Software is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code with root privileges. Failed exploit attempts will likely result in denial-of-service conditions. This issue is tracked by Cisco BugId's CSCug79377, and CSCug80118. End User Safelist/Blocklist (aka SLBL ) service has a security vulnerability, which stems from the fact that the program does not fully verify the SLBL database file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0465",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.1"
},
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "ironport asyncos",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.2-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ironport asyncos",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.9.1-039"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.6.3-023"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.x (*1)"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.x (*2)"
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.9.1-110"
},
{
"model": "content security management appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "(*2)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0.1-023"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "(*1)"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.1.1-013"
},
{
"model": "ironport asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.9.1-039"
},
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.6.2-201"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-387"
},
{
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:content_security_management_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "66309"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2119",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2014-2119",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-01906",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-70058",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2119",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2119",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-01906",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-387",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70058",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "VULHUB",
"id": "VHN-70058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-387"
},
{
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118. The Cisco IronPort family of products is a widely used mail encryption gateway, and AsyncOS is the operating system used by the product. Cisco AsyncOS Software is prone to a remote code-execution vulnerability. \nAn attacker can leverage this issue to execute arbitrary code with root privileges. Failed exploit attempts will likely result in denial-of-service conditions. \nThis issue is tracked by Cisco BugId\u0027s CSCug79377, and CSCug80118. End User Safelist/Blocklist (aka SLBL ) service has a security vulnerability, which stems from the fact that the program does not fully verify the SLBL database file",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2119"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "BID",
"id": "66309"
},
{
"db": "VULHUB",
"id": "VHN-70058"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2119",
"trust": 3.4
},
{
"db": "BID",
"id": "66309",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-387",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01906",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20140319 CISCO ASYNCOS SOFTWARE CODE EXECUTION VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70058",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "VULHUB",
"id": "VHN-70058"
},
{
"db": "BID",
"id": "66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-387"
},
{
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"id": "VAR-201403-0465",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "VULHUB",
"id": "VHN-70058"
}
],
"trust": 1.19887304
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
}
]
},
"last_update_date": "2025-04-13T23:36:36.378000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20140319-asyncos",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos"
},
{
"title": "33309",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33309"
},
{
"title": "cisco-sa-20140319-asyncos",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122225_cisco-sa-20140319-asyncos-j.html"
},
{
"title": "Cisco AsyncOS Software \u0027Safelist/Blocklist (SLBL)\u0027 Function Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/44475"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70058"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140319-asyncos"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2119"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2119"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/viewipssignature.x?signatureid=3889\u0026signaturesubid=0\u0026softwareversion=6.0\u0026releaseversion=s778"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "VULHUB",
"id": "VHN-70058"
},
{
"db": "BID",
"id": "66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-387"
},
{
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"db": "VULHUB",
"id": "VHN-70058"
},
{
"db": "BID",
"id": "66309"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-387"
},
{
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"date": "2014-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-70058"
},
{
"date": "2014-03-19T00:00:00",
"db": "BID",
"id": "66309"
},
{
"date": "2014-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"date": "2014-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-387"
},
{
"date": "2014-03-21T01:04:02.937000",
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01906"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-70058"
},
{
"date": "2014-03-19T00:00:00",
"db": "BID",
"id": "66309"
},
{
"date": "2014-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001748"
},
{
"date": "2014-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-387"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2119"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-387"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Security The appliance for Cisco AsyncOS In root Vulnerability to execute arbitrary code with privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-387"
}
],
"trust": 0.6
}
}
VAR-201610-0316
Vulnerability from variot - Updated: 2025-04-13 23:36A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuz63143 It is released as.Service disruption by a third party (DoS) Status and scanning and email forwarding will be stopped There is a possibility. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. An attacker can exploit this issue to restart the device, resulting in denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuz63143
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-101"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-052"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.0-er1-198"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.3.1-09"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.6.3-025"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.1-gpl-022"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.4-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.5"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-051"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.2-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.8.0-311"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-106"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.8.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.3-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0_base"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.1-023"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.1-000"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.2-047"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1-038"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.0-125"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "BID",
"id": "93907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
},
{
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93907"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6356",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6356",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10394",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95176",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6356",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6356",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6356",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10394",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-753",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-95176",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6356",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "VULHUB",
"id": "VHN-95176"
},
{
"db": "VULMON",
"id": "CVE-2016-6356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
},
{
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuz63143 It is released as.Service disruption by a third party (DoS) Status and scanning and email forwarding will be stopped There is a possibility. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. \nAn attacker can exploit this issue to restart the device, resulting in denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCuz63143",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "BID",
"id": "93907"
},
{
"db": "VULHUB",
"id": "VHN-95176"
},
{
"db": "VULMON",
"id": "CVE-2016-6356"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6356",
"trust": 3.5
},
{
"db": "BID",
"id": "93907",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1037122",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10394",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95176",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6356",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "VULHUB",
"id": "VHN-95176"
},
{
"db": "VULMON",
"id": "CVE-2016-6356"
},
{
"db": "BID",
"id": "93907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
},
{
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"id": "VAR-201610-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "VULHUB",
"id": "VHN-95176"
}
],
"trust": 1.28850889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
}
]
},
"last_update_date": "2025-04-13T23:36:19.993000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esa3",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"
},
{
"title": "Patch for CiscoAsyncOS Denial of Service Vulnerability (CNVD-2016-10394)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83242"
},
{
"title": "Cisco AsyncOS for Cisco Email Security Appliances Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65109"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "VULMON",
"id": "CVE-2016-6356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95176"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/93907"
},
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esa3"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037122"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6356"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6356"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "VULHUB",
"id": "VHN-95176"
},
{
"db": "VULMON",
"id": "CVE-2016-6356"
},
{
"db": "BID",
"id": "93907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
},
{
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"db": "VULHUB",
"id": "VHN-95176"
},
{
"db": "VULMON",
"id": "CVE-2016-6356"
},
{
"db": "BID",
"id": "93907"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
},
{
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95176"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6356"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93907"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-753"
},
{
"date": "2016-10-28T10:59:06.587000",
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10394"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95176"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6356"
},
{
"date": "2016-11-24T07:03:00",
"db": "BID",
"id": "93907"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005648"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-753"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ESA Run on device AsyncOS Service disruption in software email message filtering function (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-753"
}
],
"trust": 0.6
}
}
VAR-201610-0337
Vulnerability from variot - Updated: 2025-04-13 23:36A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuz02235 It is released as.By any third party Web Script or HTML May be inserted. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. A security vulnerability exists in Cisco AsyncOS that allows an attacker to exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This issue is being tracked by Cisco Bug ID CSCuz02235
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.9.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-101"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.9.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.9.2-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-011"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "BID",
"id": "93912"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
},
{
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93912"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1423",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1423",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-10398",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90242",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1423",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1423",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1423",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-10398",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-751",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90242",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "VULHUB",
"id": "VHN-90242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
},
{
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCuz02235 It is released as.By any third party Web Script or HTML May be inserted. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. A security vulnerability exists in Cisco AsyncOS that allows an attacker to exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. \nThis issue is being tracked by Cisco Bug ID CSCuz02235",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1423"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "BID",
"id": "93912"
},
{
"db": "VULHUB",
"id": "VHN-90242"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1423",
"trust": 3.4
},
{
"db": "BID",
"id": "93912",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037113",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10398",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90242",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "VULHUB",
"id": "VHN-90242"
},
{
"db": "BID",
"id": "93912"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
},
{
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"id": "VAR-201610-0337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "VULHUB",
"id": "VHN-90242"
}
],
"trust": 1.28850889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
}
]
},
"last_update_date": "2025-04-13T23:36:19.957000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esa4",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa4"
},
{
"title": "CiscoAsyncOS Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83244"
},
{
"title": "Cisco AsyncOS for Cisco Email Security Appliances Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65107"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90242"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93912"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esa4"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037113"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1423"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1423"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "VULHUB",
"id": "VHN-90242"
},
{
"db": "BID",
"id": "93912"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
},
{
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"db": "VULHUB",
"id": "VHN-90242"
},
{
"db": "BID",
"id": "93912"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
},
{
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90242"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93912"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-751"
},
{
"date": "2016-10-28T10:59:00.213000",
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10398"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-90242"
},
{
"date": "2016-11-24T10:04:00",
"db": "BID",
"id": "93912"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005644"
},
{
"date": "2016-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-751"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security Runs on the appliance device AsyncOS of MIQ Cross-site scripting vulnerability in view email message display",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005644"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-751"
}
],
"trust": 0.6
}
}
VAR-201610-0342
Vulnerability from variot - Updated: 2025-04-13 23:33A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066. Vendors have confirmed this vulnerability Bug ID CSCux59873 It is released as.Service disruption by a third party (DoS) There is a possibility of being put into a state. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCux59873. The following versions are affected: Cisco AsyncOS Software for Cisco ESA 8.5.6-106, 9.1.0-032, 9.7.0-125
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.4.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.6.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.9.2-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-106"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.4-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-051"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-052"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-101"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.6.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-er1-198"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-000"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.2"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.1"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7.0-204"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7.0-132"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.3-027"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.5-026"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3-010"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.2-065"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.1-066"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.2-041"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1-038"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"model": "asyncos",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0.0-124"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "BID",
"id": "93908"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
},
{
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93908"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1481",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1481",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10393",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90300",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1481",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1481",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1481",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-752",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90300",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1481",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "VULHUB",
"id": "VHN-90300"
},
{
"db": "VULMON",
"id": "CVE-2016-1481"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
},
{
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066. Vendors have confirmed this vulnerability Bug ID CSCux59873 It is released as.Service disruption by a third party (DoS) There is a possibility of being put into a state. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. \nAn attacker can exploit this issue to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCux59873. The following versions are affected: Cisco AsyncOS Software for Cisco ESA 8.5.6-106, 9.1.0-032, 9.7.0-125",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1481"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "BID",
"id": "93908"
},
{
"db": "VULHUB",
"id": "VHN-90300"
},
{
"db": "VULMON",
"id": "CVE-2016-1481"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1481",
"trust": 3.5
},
{
"db": "BID",
"id": "93908",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1037123",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10393",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90300",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1481",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "VULHUB",
"id": "VHN-90300"
},
{
"db": "VULMON",
"id": "CVE-2016-1481"
},
{
"db": "BID",
"id": "93908"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
},
{
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"id": "VAR-201610-0342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "VULHUB",
"id": "VHN-90300"
}
],
"trust": 1.28850889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
}
]
},
"last_update_date": "2025-04-13T23:33:56.782000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esa1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1"
},
{
"title": "Patch for CiscoAsyncOS Denial of Service Vulnerability (CNVD-2016-10393)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83243"
},
{
"title": "Cisco AsyncOS for Cisco Email Security Appliances Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65108"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "VULMON",
"id": "CVE-2016-1481"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90300"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/93908"
},
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esa1"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037123"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1481"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1481"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "VULHUB",
"id": "VHN-90300"
},
{
"db": "VULMON",
"id": "CVE-2016-1481"
},
{
"db": "BID",
"id": "93908"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
},
{
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"db": "VULHUB",
"id": "VHN-90300"
},
{
"db": "VULMON",
"id": "CVE-2016-1481"
},
{
"db": "BID",
"id": "93908"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
},
{
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90300"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1481"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93908"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-752"
},
{
"date": "2016-10-28T10:59:03.713000",
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10393"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-90300"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1481"
},
{
"date": "2016-11-24T00:04:00",
"db": "BID",
"id": "93908"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005646"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-752"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ESA Run on device AsyncOS Service disruption in software email message filtering function (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005646"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-752"
}
],
"trust": 0.6
}
}
VAR-201612-0159
Vulnerability from variot - Updated: 2025-04-13 23:33A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs) that are configured to use message or content filters that scan incoming email attachments; Cisco Web Security Appliances (WSAs) that are configured to use services that scan accessed web content. More Information: CSCva90076, CSCvb06764. Known Affected Releases: 10.0.0-125 8.5.7-042 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCva90076 , CSCvb06764 It is released as.A remote attacker may be able to bypass the configured user filter. CiscoEmailSecurityAppliance is a Cisco email security appliance. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCva90076. Note:The issue affects all the devices running Cisco AsyncOS Software. The vulnerability stems from the fact that the program cannot properly filter certain TAR format files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-232"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.2-047"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0.0-125"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0.0-125"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0.0-232"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.7.2-047"
},
{
"model": "email security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "BID",
"id": "94901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
},
{
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94901"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6465",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-6465",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12543",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-95285",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-6465",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6465",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-6465",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-12543",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-231",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95285",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "VULHUB",
"id": "VHN-95285"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
},
{
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs) that are configured to use message or content filters that scan incoming email attachments; Cisco Web Security Appliances (WSAs) that are configured to use services that scan accessed web content. More Information: CSCva90076, CSCvb06764. Known Affected Releases: 10.0.0-125 8.5.7-042 9.7.2-047. Vendors have confirmed this vulnerability Bug ID CSCva90076 , CSCvb06764 It is released as.A remote attacker may be able to bypass the configured user filter. CiscoEmailSecurityAppliance is a Cisco email security appliance. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCva90076. \nNote:The issue affects all the devices running Cisco AsyncOS Software. The vulnerability stems from the fact that the program cannot properly filter certain TAR format files",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6465"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "BID",
"id": "94901"
},
{
"db": "VULHUB",
"id": "VHN-95285"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6465",
"trust": 3.4
},
{
"db": "BID",
"id": "94901",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1037404",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-12543",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201612-231",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95285",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "VULHUB",
"id": "VHN-95285"
},
{
"db": "BID",
"id": "94901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
},
{
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"id": "VAR-201612-0159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "VULHUB",
"id": "VHN-95285"
}
],
"trust": 1.13892258
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
}
]
},
"last_update_date": "2025-04-13T23:33:55.870000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161207-esa",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa"
},
{
"title": "Patch for CiscoEmailSecurityAppliance Security Bypass Vulnerability (CNVD-2016-12543)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/86150"
},
{
"title": "Cisco AsyncOS for Cisco Email Security Appliances Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66268"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95285"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-esa"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94901"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037404"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6465"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6465"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "VULHUB",
"id": "VHN-95285"
},
{
"db": "BID",
"id": "94901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
},
{
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"db": "VULHUB",
"id": "VHN-95285"
},
{
"db": "BID",
"id": "94901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
},
{
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-95285"
},
{
"date": "2016-12-07T00:00:00",
"db": "BID",
"id": "94901"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-231"
},
{
"date": "2016-12-14T00:59:04.547000",
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12543"
},
{
"date": "2017-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-95285"
},
{
"date": "2016-12-20T01:09:00",
"db": "BID",
"id": "94901"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006305"
},
{
"date": "2016-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-231"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6465"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security For appliance AsyncOS Vulnerability that bypasses the set user filter in the content filtering function of the software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006305"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-231"
}
],
"trust": 0.6
}
}
VAR-201410-1000
Vulnerability from variot - Updated: 2025-04-13 23:32The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. Vendors have confirmed this vulnerability Bug ID CSCup07934 It is released as.A third party may be able to bypass malware filtering through a crafted archive. Cisco AsyncOS is the operating system used by multiple Cisco products. A remote security bypass vulnerability exists in Cisco AsyncOS Software that allows an attacker to bypass certain security restrictions and perform unauthorized operations. Cisco AsyncOS Software is prone to a remote security-bypass vulnerability. This issue is being tracked by Cisco Bug ID CSCup07934. The vulnerability is caused by the program not correctly parsing ZIP compressed files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1000",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asyncos",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-631"
},
{
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "70414"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3381",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3381",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-06731",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-71321",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3381",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3381",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-06731",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-631",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71321",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "VULHUB",
"id": "VHN-71321"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-631"
},
{
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. Vendors have confirmed this vulnerability Bug ID CSCup07934 It is released as.A third party may be able to bypass malware filtering through a crafted archive. Cisco AsyncOS is the operating system used by multiple Cisco products. A remote security bypass vulnerability exists in Cisco AsyncOS Software that allows an attacker to bypass certain security restrictions and perform unauthorized operations. Cisco AsyncOS Software is prone to a remote security-bypass vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCup07934. The vulnerability is caused by the program not correctly parsing ZIP compressed files",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3381"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "BID",
"id": "70414"
},
{
"db": "VULHUB",
"id": "VHN-71321"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3381",
"trust": 3.4
},
{
"db": "BID",
"id": "70414",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-631",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-06731",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71321",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "VULHUB",
"id": "VHN-71321"
},
{
"db": "BID",
"id": "70414"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-631"
},
{
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"id": "VAR-201410-1000",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "VULHUB",
"id": "VHN-71321"
}
],
"trust": 1.4380951999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
}
]
},
"last_update_date": "2025-04-13T23:32:47.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3381"
},
{
"title": "36062",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36062"
},
{
"title": "Cisco AsyncOS Software Remote Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50828"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71321"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3381"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36062"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3381"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3381"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70414"
},
{
"trust": 0.3,
"url": "www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "VULHUB",
"id": "VHN-71321"
},
{
"db": "BID",
"id": "70414"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-631"
},
{
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"db": "VULHUB",
"id": "VHN-71321"
},
{
"db": "BID",
"id": "70414"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-631"
},
{
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"date": "2014-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-71321"
},
{
"date": "2014-10-13T00:00:00",
"db": "BID",
"id": "70414"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-631"
},
{
"date": "2014-10-19T01:55:13.607000",
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06731"
},
{
"date": "2014-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-71321"
},
{
"date": "2014-10-15T16:03:00",
"db": "BID",
"id": "70414"
},
{
"date": "2014-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004983"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-631"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3381"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-631"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Email Security Appliance Run on Cisco AsyncOS of ZIP Vulnerabilities that can bypass malware filtering in the inspection engine",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-631"
}
],
"trust": 0.6
}
}
VAR-201502-0139
Vulnerability from variot - Updated: 2025-04-13 23:32The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. Cisco AsyncOS is Cisco's custom operating system for the performance and security of all messaging applications. Cisco AsyncOS Software is prone to a remote security-bypass vulnerability. This issue is being tracked by Cisco Bug ID CSCzv54343
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0139",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asyncos",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=8.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-132"
},
{
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "72528"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0605",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-0605",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00993",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-78551",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0605",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0605",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00993",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-132",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78551",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "VULHUB",
"id": "VHN-78551"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-132"
},
{
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. Cisco AsyncOS is Cisco\u0027s custom operating system for the performance and security of all messaging applications. Cisco AsyncOS Software is prone to a remote security-bypass vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCzv54343",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0605"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "BID",
"id": "72528"
},
{
"db": "VULHUB",
"id": "VHN-78551"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0605",
"trust": 3.4
},
{
"db": "BID",
"id": "72528",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "62829",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-132",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-00993",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78551",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "VULHUB",
"id": "VHN-78551"
},
{
"db": "BID",
"id": "72528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-132"
},
{
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"id": "VAR-201502-0139",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "VULHUB",
"id": "VHN-78551"
}
],
"trust": 1.4380951999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
}
]
},
"last_update_date": "2025-04-13T23:32:46.470000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605"
},
{
"title": "37384",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37384"
},
{
"title": "Patch for Cisco AsyncOS Software Remote Security Bypass Vulnerability (CNVD-2015-00993)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/55176"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78551"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37384"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0605"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/72528"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62829"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100695"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0605"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0605"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72528/"
},
{
"trust": 0.3,
"url": "www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "VULHUB",
"id": "VHN-78551"
},
{
"db": "BID",
"id": "72528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-132"
},
{
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"db": "VULHUB",
"id": "VHN-78551"
},
{
"db": "BID",
"id": "72528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-132"
},
{
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"date": "2015-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-78551"
},
{
"date": "2015-02-06T00:00:00",
"db": "BID",
"id": "72528"
},
{
"date": "2015-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-132"
},
{
"date": "2015-02-07T04:59:09",
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00993"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-78551"
},
{
"date": "2015-02-06T00:00:00",
"db": "BID",
"id": "72528"
},
{
"date": "2015-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001529"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-132"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-0605"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-132"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security Runs on the appliance AsyncOS of uuencode Vulnerabilities that can bypass content restrictions in inspection engines",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001529"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-132"
}
],
"trust": 0.6
}
}
VAR-201511-0009
Vulnerability from variot - Updated: 2025-04-13 23:31The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. Vendors have confirmed this vulnerability Bug ID CSCus83445 It is released as.Through a crafted certificate generation argument by a remotely authenticated user, root You may get permission. A remote attacker can exploit this vulnerability to obtain root privileges through a specially crafted certificate-generation parameter. This issue is being tracked by Cisco bug ID CSCus83445
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.3-051"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7.0-171-ld"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.1.x"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.x"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.8.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.6.x"
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0.8-113"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.x(\u003c8.0.8-113)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.1.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.5.x(\u003c8.5.3-051)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.6.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.7.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.8.x(\u003c8.8.0-085)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "web security appliance 8.7.0-171-ld",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.3-051"
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.8-113"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "BID",
"id": "77433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
},
{
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "77433"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6298",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6298",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07469",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-84259",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6298",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6298",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07469",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-106",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84259",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "VULHUB",
"id": "VHN-84259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
},
{
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. Vendors have confirmed this vulnerability Bug ID CSCus83445 It is released as.Through a crafted certificate generation argument by a remotely authenticated user, root You may get permission. A remote attacker can exploit this vulnerability to obtain root privileges through a specially crafted certificate-generation parameter. \nThis issue is being tracked by Cisco bug ID CSCus83445",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6298"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "BID",
"id": "77433"
},
{
"db": "VULHUB",
"id": "VHN-84259"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6298",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034059",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-106",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07469",
"trust": 0.6
},
{
"db": "BID",
"id": "77433",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-89770",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84259",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "VULHUB",
"id": "VHN-84259"
},
{
"db": "BID",
"id": "77433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
},
{
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"id": "VAR-201511-0009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "VULHUB",
"id": "VHN-84259"
}
],
"trust": 1.1590656799999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
}
]
},
"last_update_date": "2025-04-13T23:31:33.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151104-wsa",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa"
},
{
"title": "Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66504"
},
{
"title": "Cisco Email Security Appliance AsyncOS Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58601"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-wsa"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6298"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6298"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "VULHUB",
"id": "VHN-84259"
},
{
"db": "BID",
"id": "77433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
},
{
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"db": "VULHUB",
"id": "VHN-84259"
},
{
"db": "BID",
"id": "77433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
},
{
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"date": "2015-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84259"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77433"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-106"
},
{
"date": "2015-11-06T11:59:03.730000",
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07469"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84259"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77433"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005768"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-106"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6298"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Runs on the appliance device AsyncOS Management Web In the interface root Privileged vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005768"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-106"
}
],
"trust": 0.6
}
}
VAR-201605-0558
Vulnerability from variot - Updated: 2025-04-13 23:31Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. Cisco AsyncOS for Cisco Web Security Appliance is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCur28305. The vulnerability is caused by not releasing the connection memory and system file descriptors of the client and server when the program receives a specific HTTP response code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0558",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-024"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.1-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-825"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.0-623"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-027"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.0-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.7-142"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-078"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.8-mr-113"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.3-055"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.7"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-119"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.1-021"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "web security the appliance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "8.8"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.5-026"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3-010"
}
],
"sources": [
{
"db": "BID",
"id": "90744"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
},
{
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "90744"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1383",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90202",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1383",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1383",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1383",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-462",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90202",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90202"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
},
{
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. Cisco AsyncOS for Cisco Web Security Appliance is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCur28305. The vulnerability is caused by not releasing the connection memory and system file descriptors of the client and server when the program receives a specific HTTP response code",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1383"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "BID",
"id": "90744"
},
{
"db": "VULHUB",
"id": "VHN-90202"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1383",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035911",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-462",
"trust": 0.7
},
{
"db": "BID",
"id": "90744",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90202",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90202"
},
{
"db": "BID",
"id": "90744"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
},
{
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"id": "VAR-201605-0558",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90202"
}
],
"trust": 0.55906568
},
"last_update_date": "2025-04-13T23:31:26.702000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160518-wsa4",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4"
},
{
"title": "Cisco Web Security Appliance AsyncOS Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61776"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90202"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160518-wsa4"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035911"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1383"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160518-wsa4/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90202"
},
{
"db": "BID",
"id": "90744"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
},
{
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90202"
},
{
"db": "BID",
"id": "90744"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
},
{
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-90202"
},
{
"date": "2016-05-18T00:00:00",
"db": "BID",
"id": "90744"
},
{
"date": "2016-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"date": "2016-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-462"
},
{
"date": "2016-05-25T01:59:07.177000",
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-90202"
},
{
"date": "2016-05-18T00:00:00",
"db": "BID",
"id": "90744"
},
{
"date": "2016-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002924"
},
{
"date": "2016-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-462"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Runs on the appliance device AsyncOS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-462"
}
],
"trust": 0.6
}
}
VAR-201511-0007
Vulnerability from variot - Updated: 2025-04-13 23:29The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. The Cisco Web Security Appliance is a network security appliance from Cisco. A security vulnerability exists in the proxy cache feature of Cisco AsyncOS in Cisco WSA appliances. The program failed to handle the memory correctly. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCus10922. The following releases are affected: Cisco AsyncOS 8.0.x prior to 8.0.7-151, 8.1.x and 8.5.x prior to 8.5.2-004, 8.6.x and 8.7.x prior to 8.7.0-171-LD Version, 8.8.x version before 8.8.0-085
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "8.0.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.6-119"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7.0-171-ld"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.1.x"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.2-004"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.8.x"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0.7-151"
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.6.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.1.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.6.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.7.x"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.8.x(\u003c8.8.0-085)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.0.x(\u003c8.0.7-151)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.5.x(\u003c8.5.2-004)"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.6-115"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.6-078"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.6-073"
},
{
"model": "web security appliance hot patch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.51"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "web security appliance 8.7.0-171-ld",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.2-004"
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.7-151"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "BID",
"id": "77437"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
},
{
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "77437"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6292",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6292",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07470",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84253",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6292",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6292",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-07470",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-105",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84253",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "VULHUB",
"id": "VHN-84253"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
},
{
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. The Cisco Web Security Appliance is a network security appliance from Cisco. A security vulnerability exists in the proxy cache feature of Cisco AsyncOS in Cisco WSA appliances. The program failed to handle the memory correctly. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCus10922. The following releases are affected: Cisco AsyncOS 8.0.x prior to 8.0.7-151, 8.1.x and 8.5.x prior to 8.5.2-004, 8.6.x and 8.7.x prior to 8.7.0-171-LD Version, 8.8.x version before 8.8.0-085",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6292"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "BID",
"id": "77437"
},
{
"db": "VULHUB",
"id": "VHN-84253"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6292",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034062",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-105",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07470",
"trust": 0.6
},
{
"db": "BID",
"id": "77437",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-89769",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84253",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "VULHUB",
"id": "VHN-84253"
},
{
"db": "BID",
"id": "77437"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
},
{
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"id": "VAR-201511-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "VULHUB",
"id": "VHN-84253"
}
],
"trust": 1.1590656799999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
}
]
},
"last_update_date": "2025-04-13T23:29:31.558000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151104-wsa1",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1"
},
{
"title": "Patch for Cisco Web Security Appliance Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/66503"
},
{
"title": "Cisco Email Security Appliance AsyncOS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58600"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84253"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-wsa1"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034062"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6292"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6292"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps10164/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "VULHUB",
"id": "VHN-84253"
},
{
"db": "BID",
"id": "77437"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
},
{
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"db": "VULHUB",
"id": "VHN-84253"
},
{
"db": "BID",
"id": "77437"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
},
{
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"date": "2015-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84253"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77437"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-105"
},
{
"date": "2015-11-06T11:59:02.807000",
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07470"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84253"
},
{
"date": "2015-11-04T00:00:00",
"db": "BID",
"id": "77437"
},
{
"date": "2015-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005766"
},
{
"date": "2015-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-105"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Runs on the appliance device AsyncOS Service disruption in the implementation of proxy caches (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005766"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-105"
}
],
"trust": 0.6
}
}
VAR-201605-0557
Vulnerability from variot - Updated: 2025-04-13 23:29Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. Vendors have confirmed this vulnerability Bug ID CSCuu02529 It is released as.Service disruption through a crafted request by a third party ( Proxy process reload ) There is a possibility of being put into a state. Cisco AsyncOS for Cisco Web Security Appliance is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu02529. Cisco WSA AsyncOS before 8.5.3-069 and versions 8.6 to 8.8 have a security vulnerability in the HTTP request parsing. The vulnerability is caused by the program not correctly allocating space for the HTTP header and HTTP payload
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0557",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.1-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-024"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.1-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-825"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.0-623"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.2-027"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.0-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.7-142"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-078"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.8-mr-113"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.3-055"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.7"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6-119"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.1-021"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.0-000"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.6"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "web security appliance \\",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-000"
},
{
"model": "web security the appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.3-069"
},
{
"model": "web security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.6 to 8.8"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.5-026"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3-010"
}
],
"sources": [
{
"db": "BID",
"id": "90746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
},
{
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "90746"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1382",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1382",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90201",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1382",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1382",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1382",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-464",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90201",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90201"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
},
{
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. Vendors have confirmed this vulnerability Bug ID CSCuu02529 It is released as.Service disruption through a crafted request by a third party ( Proxy process reload ) There is a possibility of being put into a state. Cisco AsyncOS for Cisco Web Security Appliance is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCuu02529. Cisco WSA AsyncOS before 8.5.3-069 and versions 8.6 to 8.8 have a security vulnerability in the HTTP request parsing. The vulnerability is caused by the program not correctly allocating space for the HTTP header and HTTP payload",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1382"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "BID",
"id": "90746"
},
{
"db": "VULHUB",
"id": "VHN-90201"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1382",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035910",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-464",
"trust": 0.7
},
{
"db": "BID",
"id": "90746",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90201",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90201"
},
{
"db": "BID",
"id": "90746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
},
{
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"id": "VAR-201605-0557",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90201"
}
],
"trust": 0.55906568
},
"last_update_date": "2025-04-13T23:29:29.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160518-wsa3",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3"
},
{
"title": "Cisco Web Security Appliance AsyncOS Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61778"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90201"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160518-wsa3"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035910"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1382"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1382"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160518-wsa3/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90201"
},
{
"db": "BID",
"id": "90746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
},
{
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90201"
},
{
"db": "BID",
"id": "90746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
},
{
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-90201"
},
{
"date": "2016-05-18T00:00:00",
"db": "BID",
"id": "90746"
},
{
"date": "2016-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"date": "2016-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-464"
},
{
"date": "2016-05-25T01:59:06.020000",
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-90201"
},
{
"date": "2016-05-18T00:00:00",
"db": "BID",
"id": "90746"
},
{
"date": "2016-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002923"
},
{
"date": "2016-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-464"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1382"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Runs on the appliance device AsyncOS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002923"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-464"
}
],
"trust": 0.6
}
}
VAR-201612-0162
Vulnerability from variot - Updated: 2025-04-13 23:27A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010. Cisco AsyncOS is a set of operating systems used in this product. An attacker could exploit this vulnerability to restart the agent process, resulting in a denial of service condition. This issue is being tracked by Cisco Bug ID CSCvb04312
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.1-074"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.1-162"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.0.1-162"
},
{
"model": "web security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.1-074"
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance all",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "BID",
"id": "94775"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
},
{
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94775"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6469",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6469",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12228",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95289",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6469",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6469",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6469",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-12228",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-201",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95289",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "VULHUB",
"id": "VHN-95289"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
},
{
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010. Cisco AsyncOS is a set of operating systems used in this product. An attacker could exploit this vulnerability to restart the agent process, resulting in a denial of service condition. \nThis issue is being tracked by Cisco Bug ID CSCvb04312",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6469"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "BID",
"id": "94775"
},
{
"db": "VULHUB",
"id": "VHN-95289"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6469",
"trust": 3.4
},
{
"db": "BID",
"id": "94775",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12228",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95289",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "VULHUB",
"id": "VHN-95289"
},
{
"db": "BID",
"id": "94775"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
},
{
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"id": "VAR-201612-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "VULHUB",
"id": "VHN-95289"
}
],
"trust": 1.2985804399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
}
]
},
"last_update_date": "2025-04-13T23:27:23.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161207-wsa",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa"
},
{
"title": "Patch for Cisco AsyncOS Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/85528"
},
{
"title": "Cisco AsyncOS for Cisco Web Security Appliance Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66242"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95289"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-wsa"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94775"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6469"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6469"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "VULHUB",
"id": "VHN-95289"
},
{
"db": "BID",
"id": "94775"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
},
{
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"db": "VULHUB",
"id": "VHN-95289"
},
{
"db": "BID",
"id": "94775"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
},
{
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-95289"
},
{
"date": "2016-12-07T00:00:00",
"db": "BID",
"id": "94775"
},
{
"date": "2016-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-201"
},
{
"date": "2016-12-14T00:59:08.957000",
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12228"
},
{
"date": "2017-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-95289"
},
{
"date": "2016-12-20T00:08:00",
"db": "BID",
"id": "94775"
},
{
"date": "2016-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006322"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-201"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6469"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security For appliance AsyncOS of HTTP URL Service disruption in syntax analysis (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006322"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-201"
}
],
"trust": 0.6
}
}
VAR-201610-0320
Vulnerability from variot - Updated: 2025-04-13 23:26A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. Vendors have confirmed this vulnerability Bug CSCux56406 and CSCux59928 It is released as.Service disruption by a third party (DoS) There is a possibility of being put into a state. CiscoEmailandWebSecurityAppliance is a product of Cisco. A denial of service vulnerability exists in CiscoEmail and WebSecurityAppliance. An unauthenticated remote attacker exploited the vulnerability to cause a denial of service attack. Multiple Cisco Products are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCux56406 and CSCux59928. Cisco ESA versions after 9.5 and AMP of WSA have a denial of service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0320",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-284"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-235"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-444"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1_base"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0-193"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-201"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-070"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-051"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5_base"
},
{
"model": "e email security the appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.5 thats all 9.7.1-066"
},
{
"model": "web security the appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0.0-233"
},
{
"model": "web security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "BID",
"id": "93910"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
},
{
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93910"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6360",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10383",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6360",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6360",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6360",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10383",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-770",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95180",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-6360",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "VULHUB",
"id": "VHN-95180"
},
{
"db": "VULMON",
"id": "CVE-2016-6360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
},
{
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. Vendors have confirmed this vulnerability Bug CSCux56406 and CSCux59928 It is released as.Service disruption by a third party (DoS) There is a possibility of being put into a state. CiscoEmailandWebSecurityAppliance is a product of Cisco. A denial of service vulnerability exists in CiscoEmail and WebSecurityAppliance. An unauthenticated remote attacker exploited the vulnerability to cause a denial of service attack. Multiple Cisco Products are prone to a denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug IDs CSCux56406 and CSCux59928. Cisco ESA versions after 9.5 and AMP of WSA have a denial of service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "BID",
"id": "93910"
},
{
"db": "VULHUB",
"id": "VHN-95180"
},
{
"db": "VULMON",
"id": "CVE-2016-6360"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6360",
"trust": 3.5
},
{
"db": "BID",
"id": "93910",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1037120",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1037121",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10383",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95180",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6360",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "VULHUB",
"id": "VHN-95180"
},
{
"db": "VULMON",
"id": "CVE-2016-6360"
},
{
"db": "BID",
"id": "93910"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
},
{
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"id": "VAR-201610-0320",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "VULHUB",
"id": "VHN-95180"
}
],
"trust": 1.14899413
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
}
]
},
"last_update_date": "2025-04-13T23:26:37.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esawsa3",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3"
},
{
"title": "Patches for multiple Cisco product denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83309"
},
{
"title": "Cisco Email Security Appliance and Cisco Web Security Appliance Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65123"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "VULMON",
"id": "CVE-2016-6360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95180"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/93910"
},
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esawsa3"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037120"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037121"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6360"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6360"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "VULHUB",
"id": "VHN-95180"
},
{
"db": "VULMON",
"id": "CVE-2016-6360"
},
{
"db": "BID",
"id": "93910"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
},
{
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"db": "VULHUB",
"id": "VHN-95180"
},
{
"db": "VULMON",
"id": "CVE-2016-6360"
},
{
"db": "BID",
"id": "93910"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
},
{
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95180"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6360"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93910"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-770"
},
{
"date": "2016-10-28T10:59:10.213000",
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10383"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-95180"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6360"
},
{
"date": "2016-11-24T01:04:00",
"db": "BID",
"id": "93910"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005651"
},
{
"date": "2016-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-770"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6360"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security Appliance and Web Security Appliance Advanced Malware Protection Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005651"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-770"
}
],
"trust": 0.6
}
}
VAR-201610-0341
Vulnerability from variot - Updated: 2025-04-13 23:26A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066. Vendors have confirmed this vulnerability Bug ID CSCuw03606 and CSCux59734 It is released as. Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. http://cwe.mitre.org/data/definitions/388.htmlA third party may bypass user filters configured on the device. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. 0-000
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0-212"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-052"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.1-023"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.6.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.4.4-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.6.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.2-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-106"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0.5-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-113"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-011"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0_base"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.9.1-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-101"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5.0-er1-198"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "BID",
"id": "93914"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
},
{
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93914"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1480",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1480",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10397",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90299",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1480",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1480",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1480",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-10397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-858",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90299",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "VULHUB",
"id": "VHN-90299"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
},
{
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066. Vendors have confirmed this vulnerability Bug ID CSCuw03606 and CSCux59734 It is released as. Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. http://cwe.mitre.org/data/definitions/388.htmlA third party may bypass user filters configured on the device. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. 0-000",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "BID",
"id": "93914"
},
{
"db": "VULHUB",
"id": "VHN-90299"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1480",
"trust": 3.4
},
{
"db": "BID",
"id": "93914",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037116",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1037117",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-858",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10397",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90299",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "VULHUB",
"id": "VHN-90299"
},
{
"db": "BID",
"id": "93914"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
},
{
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"id": "VAR-201610-0341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "VULHUB",
"id": "VHN-90299"
}
],
"trust": 1.245361153333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
}
]
},
"last_update_date": "2025-04-13T23:26:37.197000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-esawsa1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa1"
},
{
"title": "Patch for CiscoAsyncOS Security Bypass Vulnerability (CNVD-2016-10397)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83246"
},
{
"title": "Cisco AsyncOS for Cisco Email Security Appliances and Web Security Appliances Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65180"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-388",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90299"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esawsa1"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93914"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037116"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037117"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1480"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1480"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "VULHUB",
"id": "VHN-90299"
},
{
"db": "BID",
"id": "93914"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
},
{
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"db": "VULHUB",
"id": "VHN-90299"
},
{
"db": "BID",
"id": "93914"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
},
{
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90299"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93914"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-858"
},
{
"date": "2016-10-28T10:59:01.993000",
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10397"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-90299"
},
{
"date": "2016-11-24T00:11:00",
"db": "BID",
"id": "93914"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005645"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-858"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1480"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ESA and WSA Run on AsyncOS of MIME Vulnerability in the scanner that bypasses the user filter set on the device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005645"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-858"
}
],
"trust": 0.6
}
}
VAR-201612-0227
Vulnerability from variot - Updated: 2025-04-13 23:26A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. Vendors have confirmed this vulnerability Bug ID CSCul88715 , CSCul94617 , CSCul94627 It is released as.A remote attacker could impersonate an update server. There is a middleman security bypass vulnerability in CiscoAsyncOSSoftware. Allows an attacker to exploit a vulnerability to perform an unauthorized operation by performing a man-in-the-middle attack. Cisco AsyncOS Software is prone to security-bypass vulnerability. This may lead to other attacks. This issue is being tracked by Cisco Bug ID's CSCul88715, CSCul94617 and CSCul94627. Cisco AsyncOS is an operating system used in these products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-033"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.7.5-835"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.0-er1-198"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.0.1-023"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.1-021"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-031"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6.0"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1.0-103"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.0-000"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.6.3-025"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.8.0-000"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-hp2-303"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.7.0-608"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.2-201"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-004"
},
{
"model": "asyncos",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "e email security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "content security management appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asyncos software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "BID",
"id": "94791"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
},
{
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:content_security_management_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94791"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1411",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1411",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-12890",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90230",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2016-1411",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1411",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1411",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-12890",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-276",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90230",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "VULHUB",
"id": "VHN-90230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
},
{
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. Vendors have confirmed this vulnerability Bug ID CSCul88715 , CSCul94617 , CSCul94627 It is released as.A remote attacker could impersonate an update server. There is a middleman security bypass vulnerability in CiscoAsyncOSSoftware. Allows an attacker to exploit a vulnerability to perform an unauthorized operation by performing a man-in-the-middle attack. Cisco AsyncOS Software is prone to security-bypass vulnerability. This may lead to other attacks. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCul88715, CSCul94617 and CSCul94627. Cisco AsyncOS is an operating system used in these products",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1411"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "BID",
"id": "94791"
},
{
"db": "VULHUB",
"id": "VHN-90230"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1411",
"trust": 3.4
},
{
"db": "BID",
"id": "94791",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-276",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12890",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90230",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "VULHUB",
"id": "VHN-90230"
},
{
"db": "BID",
"id": "94791"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
},
{
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"id": "VAR-201612-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "VULHUB",
"id": "VHN-90230"
}
],
"trust": 1.245361153333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
}
]
},
"last_update_date": "2025-04-13T23:26:36.578000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161207-asyncos",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos"
},
{
"title": "CiscoAsyncOSSoftware middleman security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/86521"
},
{
"title": "Cisco AsyncOS Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66315"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90230"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94791"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-asyncos"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1411"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1411"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "VULHUB",
"id": "VHN-90230"
},
{
"db": "BID",
"id": "94791"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
},
{
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"db": "VULHUB",
"id": "VHN-90230"
},
{
"db": "BID",
"id": "94791"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
},
{
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-90230"
},
{
"date": "2016-12-07T00:00:00",
"db": "BID",
"id": "94791"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"date": "2016-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-276"
},
{
"date": "2016-12-14T00:59:00.173000",
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12890"
},
{
"date": "2016-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-90230"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94791"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006303"
},
{
"date": "2016-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-276"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1411"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Security For appliance AsyncOS Vulnerability in software update function spoofing update server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006303"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-276"
}
],
"trust": 0.6
}
}