Content Filtering Vulnerability in Cisco Email and Web Security Appliances
CVE-2016-6465

4.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Asyncos
Vendor
CVE Published:
14 December 2016

Summary

A vulnerability exists within the content filtering capabilities of Cisco AsyncOS Software utilized by Cisco Email Security Appliances and Cisco Web Security Appliances. This flaw could potentially enable an unauthenticated, remote attacker to bypass user-defined filters on affected devices. Specifically, when configured to utilize content scanning features for incoming email attachments or web content, these appliances may inadvertently permit unauthorized access, compromising the intended security measures. Users of versions prior to the first fixed release are strongly encouraged to update their firmware to mitigate this risk.

Affected Version(s)

Cisco AsyncOS Cisco AsyncOS

References

http://www.securitytracker.com/id/1037404
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94901
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.