Denial of Service Vulnerability in Cisco Email Security and Web Security Appliances
CVE-2016-6416

5.9MEDIUM

Key Information:

Vendor

Cisco
Status
Email Security Appliance
Web Security Appliance
Content Security Management Appliance
Vendor
CVE Published:
5 October 2016

What is CVE-2016-6416?

The FTP service in Cisco AsyncOS running on Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA) is susceptible to a denial of service. Remote attackers can exploit this vulnerability by generating a flood of FTP traffic, overwhelming the device and impeding its functionality. This vulnerability affects multiple versions of ESA, WSA, and SMA, potentially disrupting services for those relying on these security appliances for email and web management.

References

http://www.securitytracker.com/id/1036915
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/93198
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036916
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.