Remote Code Execution Vulnerability in Cisco Email Security Appliance and Web Security Appliance
CVE-2016-1411

5.9MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Asyncos
Vendor: CVE Published:; 14 December 2016

What is CVE-2016-1411?

A flaw exists in the update functionality of Cisco AsyncOS Software used in Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) that allows an unauthenticated remote attacker to impersonate the update server. This may lead to unauthorized access, allowing attackers to execute malicious updates or code. Several versions are affected, and it is crucial for users to apply the recommended fixes available in the newer releases.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco AsyncOS Cisco AsyncOS

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94791

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2016
Vulnerability Reserved
Jan 4, 2016

JSON

Cisco

What is CVE-2016-1411?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.