Email Security Appliance Vulnerability in Cisco Products
CVE-2016-1438

7.5HIGH

Key Information:

Vendor: Cisco
Status: Asyncos
Vendor: CVE Published:; 23 June 2016

What is CVE-2016-1438?

A security issue in Cisco AsyncOS 9.7.0-125 for Email Security Appliance devices enables remote attackers to bypass the intended spam filtering mechanism. This can occur through the exploitation of crafted executable content embedded within ZIP archives, potentially allowing harmful files to be processed without detection. Cisco has issued advisories regarding this flaw to help mitigate its impact.

References

http://www.securitytracker.com/id/1036156

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2016
Vulnerability Reserved
Jan 4, 2016