Denial of Service Vulnerability in Cisco Email Security Appliances
CVE-2016-6356

7.5HIGH

Key Information:

Vendor

Cisco
Status
Cisco Asyncos Through 9.7.0-125
Vendor
CVE Published:
28 October 2016

What is CVE-2016-6356?

A vulnerability exists in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances. This flaw could enable an unauthenticated, remote attacker to trigger a denial of service condition, thereby halting the device's ability to scan and forward email messages. The issue arises when the software is configured to apply message or content filters to incoming email attachments. It affects all pre-fixed releases and is not specific to any rules for filtering.

Affected Version(s)

Cisco AsyncOS through 9.7.0-125 Cisco AsyncOS through 9.7.0-125

References

http://www.securitytracker.com/id/1037122
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93907
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-6356 : Denial of Service Vulnerability in Cisco Email Security Appliances