Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-1411

Опубликовано: 14 дек. 2016
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_appliance:8.5.1-021:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:7.7.0-608:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:7.7.5-835:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:8.8.0-000:*:*:*:*:*:*:*

EPSS

Процентиль: 45%
0.00224
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

github логотип

GHSA-cf26-vfrc-6mw2

CVSS3: 5.9
github
больше 3 лет назад

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.

EPSS

Процентиль: 45%
0.00224
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310