Partial Denial of Service Vulnerability in Cisco Email and Web Security Appliances
CVE-2016-6360

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Asyncos Through Wsa10.0.0-000
Vendor
CVE Published:
28 October 2016

Summary

A vulnerability exists in Cisco's Advanced Malware Protection for Email and Web Security Appliances that can be exploited by an unauthenticated, remote attacker to induce a partial denial of service. This is caused by the AMP process unexpectedly restarting, leading to disruption in services. The vulnerability affects various versions of Cisco AsyncOS Software for Email Security Appliances (ESA) and Web Security Appliances (WSA), necessitating prompt attention to mitigate potential impacts.

Affected Version(s)

Cisco AsyncOS through WSA10.0.0-000 Cisco AsyncOS through WSA10.0.0-000

References

http://www.securityfocus.com/bid/93910
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037120
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.