Vulnerability-Lookup

CVE-2016-6357 (GCVE-0-2016-6357)

Vulnerability from cvelistv5 – Published: 2016-10-28 10:00 – Updated: 2024-08-06 01:29

Summary

Severity ?

No CVSS data available.

CWE

unspecified

Assigner

cisco

References

URL

	Vendor	Product	Version
	n/a	Cisco AsyncOS through 9.9.6-026	Affected: Cisco AsyncOS through 9.9.6-026

CNVD-2016-10396

Vulnerability from cnvd - Published: 2016-10-31

Title

Cisco AsyncOS安全绕过漏洞（CNVD-2016-10396）

Description

Cisco AsyncOS操作系统是可以提升思科电子邮件安全设备的安全和性能。 Cisco AsyncOS存在安全绕过漏洞，允许攻击者利用该漏洞绕过某些安全限制，执行未授权操作。

Severity

中

Patch Name

Cisco AsyncOS安全绕过漏洞（CNVD-2016-10396）的补丁

Patch Description

Cisco AsyncOS操作系统是可以提升思科电子邮件安全设备的安全和性能。 Cisco AsyncOS存在安全绕过漏洞，允许攻击者利用该漏洞绕过某些安全限制，执行未授权操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5

Reference

http://www.securityfocus.com/bid/93909

Impacted products

Name
Cisco AsyncOS Software

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93909"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6357"
    }
  },
  "description": "Cisco AsyncOS\u64cd\u4f5c\u7cfb\u7edf\u662f\u53ef\u4ee5\u63d0\u5347\u601d\u79d1\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u7684\u5b89\u5168\u548c\u6027\u80fd\u3002 \r\n\r\nCisco AsyncOS\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10396",
  "openTime": "2016-10-31",
  "patchDescription": "Cisco AsyncOS\u64cd\u4f5c\u7cfb\u7edf\u662f\u53ef\u4ee5\u63d0\u5347\u601d\u79d1\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u7684\u5b89\u5168\u548c\u6027\u80fd\u3002 \r\n\r\nCisco AsyncOS\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco AsyncOS\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-10396\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco AsyncOS Software"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93909",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-27",
  "title": "Cisco AsyncOS\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-10396\uff09"
}

GHSA-MJV5-4W95-PPQ8

Vulnerability from github – Published: 2022-05-17 02:23 – Updated: 2022-05-17 02:23

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6357"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-28T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026.",
  "id": "GHSA-mjv5-4w95-ppq8",
  "modified": "2022-05-17T02:23:04Z",
  "published": "2022-05-17T02:23:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6357"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93909"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201610-0317

Vulnerability from variot - Updated: 2025-04-13 23:41

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Vendors have confirmed this vulnerability Bug CSCuz01651 It is released as. Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. Cisco AsyncOS has a security bypass vulnerability that allows an attacker to exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz01651. The appliance offers spam protection, email encryption, data loss prevention, and more. The following releases are affected: Cisco ESA 10.0.9-015, 9.7.1-066, 9.9.6-026

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0317",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.7.1-066"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.9.6-026"
      },
      {
        "model": "asyncos",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "e email security the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.7.1-066"
      },
      {
        "model": "e email security the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.9.6-026"
      },
      {
        "model": "asyncos software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asyncos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "BID",
        "id": "93909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:ironport_asyncos",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:email_security_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "93909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-6357",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-6357",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-10396",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-95177",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-6357",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-6357",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-6357",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-10396",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-750",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95177",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Vendors have confirmed this vulnerability Bug CSCuz01651 It is released as. Supplementary information : CWE Vulnerability type by CWE-388: Error Handling ( Error handling ) Has been identified. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. Cisco AsyncOS has a security bypass vulnerability that allows an attacker to exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuz01651. The appliance offers spam protection, email encryption, data loss prevention, and more. The following releases are affected: Cisco ESA 10.0.9-015, 9.7.1-066, 9.9.6-026",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "BID",
        "id": "93909"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95177"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6357",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "93909",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1037114",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-95177",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95177"
      },
      {
        "db": "BID",
        "id": "93909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "id": "VAR-201610-0317",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95177"
      }
    ],
    "trust": 1.28850889
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:41:16.839000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161026-esa5",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
      },
      {
        "title": "Patch for CiscoAsyncOS Security Bypass Vulnerability (CNVD-2016-10396)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/83245"
      },
      {
        "title": "Cisco Email Security Appliance Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65106"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-388",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/93909"
      },
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-esa5"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037114"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6357"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6357"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95177"
      },
      {
        "db": "BID",
        "id": "93909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95177"
      },
      {
        "db": "BID",
        "id": "93909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "date": "2016-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95177"
      },
      {
        "date": "2016-10-26T00:00:00",
        "db": "BID",
        "id": "93909"
      },
      {
        "date": "2016-11-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "date": "2016-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      },
      {
        "date": "2016-10-28T10:59:07.917000",
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10396"
      },
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95177"
      },
      {
        "date": "2016-11-24T11:03:00",
        "db": "BID",
        "id": "93909"
      },
      {
        "date": "2016-11-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      },
      {
        "date": "2016-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-6357"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco E Email Security Runs on the appliance  AsyncOS Vulnerabilities in which filter drop settings can be bypassed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005649"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-750"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2016-AVI-363

Vulnerability from certfr_avis - Published: 2016-10-27 - Updated: 2016-10-27

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco IPICS versions antérieures à 4.10(2)
Cisco	N/A	Cisco AsyncOS toutes versions sans le dernier correctif de sécurité
Cisco	N/A	Cisco Email Security Appliance (ESA) sans le dernier correctif de sécurité

References

Title

Publication Time

FKIE_CVE-2016-6357

Vulnerability from fkie_nvd - Published: 2016-10-28 10:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/93909
psirt@cisco.com	http://www.securitytracker.com/id/1037114
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93909
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037114
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	email_security_appliance	9.7.1-066
	cisco	email_security_appliance	9.9.6-026

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*",
              "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:*:*:*:*:*:*:*",
              "matchCriteriaId": "F508B007-27AD-483F-B220-B62C84892617",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en las pol\u00edticas de seguridad configuradas, incluida la ca\u00edda del filtrado de email, en Cisco AsyncOS para Cisco Email Security Appliance (ESA) podr\u00eda permitir a un atacante remoto no autenticado eludir una ca\u00edda de filtrado configurada utilizando un email con un adjunto corrupto. M\u00e1s informaci\u00f3n: CSCuz01651. Lanzamientos conocidos afectados: 10.0.9-015 9.7.1-066 9.9.6-026."
    }
  ],
  "id": "CVE-2016-6357",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-28T10:59:07.917",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93909"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037114"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-388"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-6357

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6357

Aliases

CVE-2016-6357

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6357",
    "description": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026.",
    "id": "GSD-2016-6357"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6357"
      ],
      "details": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026.",
      "id": "GSD-2016-6357",
      "modified": "2023-12-13T01:21:22.871151Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6357",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco AsyncOS through 9.9.6-026",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco AsyncOS through 9.9.6-026"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
          },
          {
            "name": "93909",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93909"
          },
          {
            "name": "1037114",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037114"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6357"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-388"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
            },
            {
              "name": "93909",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93909"
            },
            {
              "name": "1037114",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037114"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-29T01:34Z",
      "publishedDate": "2016-10-28T10:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6357 (GCVE-0-2016-6357)

CNVD-2016-10396

GHSA-MJV5-4W95-PPQ8

VAR-201610-0317

CERTFR-2016-AVI-363

Solution

FKIE_CVE-2016-6357

GSD-2016-6357

Tags

Sightings

Nomenclature