Bypass Malware Detection in Cisco Email Security Appliance
CVE-2016-1461

7.5HIGH

Key Information:

Vendor

Cisco
Status
Asyncos
Vendor
CVE Published:
1 August 2016

What is CVE-2016-1461?

Cisco Email Security Appliance (ESA) running AsyncOS versions up to 9.7.0-125 is susceptible to a vulnerability that enables remote attackers to bypass malware detection through specially crafted email attachments. This flaw could potentially exploit weaknesses in the device's filtering mechanisms, allowing malicious files to evade security measures, consequently leading to serious security risks for organizations relying on email security solutions.

References

http://www.securityfocus.com/bid/92155
vdb-entryx_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1036470
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.