Denial of Service Vulnerability in Cisco AsyncOS Software for Email Security Appliances
CVE-2016-1486

7.5HIGH

Key Information:

Vendor

Cisco
Status
Cisco AsyncOS through 9.7.1-066
Vendor
CVE Published:
28 October 2016

What is CVE-2016-1486?

A vulnerability exists in the email attachment scanning capability of Cisco AsyncOS Software for Email Security Appliances. This flaw could enable an unauthenticated, remote attacker to disrupt the scanning and forwarding of email messages, leading to a denial of service condition. The issue particularly affects versions 9.7.1 and later of the software if the Advanced Malware Protection (AMP) feature is activated for scanning incoming attachments. Administrators should upgrade to corrected releases to mitigate this risk.

Affected Version(s)

Cisco AsyncOS through 9.7.1-066 Cisco AsyncOS through 9.7.1-066

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037124
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/93906
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.