Bypass of Email Filtering in Cisco Email Security Appliances
CVE-2016-6462

5.3MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Asyncos 9.7.1-066 Through 10.0.0-125
Vendor
CVE Published:
19 November 2016

What is CVE-2016-6462?

A vulnerability exists in the email filtering functionality of Cisco AsyncOS Software, which powers Cisco Email Security Appliances. This flaw allows unauthenticated remote attackers to bypass Advanced Malware Protection (AMP) filters, particularly those configured to scan incoming email attachments. The vulnerability affects all releases of Cisco AsyncOS Software prior to the designated fixed releases. This poses significant risks as it can enable malicious emails to evade detection and reach end users, potentially compromising organizational security.

Affected Version(s)

Cisco AsyncOS 9.7.1-066 through 10.0.0-125 Cisco AsyncOS 9.7.1-066 through 10.0.0-125

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037307
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94360
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-6462 : Bypass of Email Filtering in Cisco Email Security Appliances