CVE-2016-1461

Опубликовано: 01 авг. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa
Vendor Advisory
http://www.securityfocus.com/bid/92155
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036470
Broken Link
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa
Vendor Advisory
http://www.securityfocus.com/bid/92155
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036470
Broken Link
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

Версия до 9.7.0-125 (включая)

cpe:2.3:a:cisco:email_security_appliance:-:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00771

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-6cxc-3h4m-cqfx