CVE-2016-1411

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
ciscocontent_security_management_appliance
9.1.0
ciscocontent_security_management_appliance
9.1.0-004
ciscocontent_security_management_appliance
9.1.0-031
ciscocontent_security_management_appliance
9.1.0-033
ciscocontent_security_management_appliance
9.1.0-103
ciscocontent_security_management_appliance
9.6.0
ciscoemail_security_appliance
7.5.2-201
ciscoemail_security_appliance
7.5.2-hp2-303
ciscoemail_security_appliance
7.6.3-025
ciscoemail_security_appliance
8.0.1-023
ciscoemail_security_appliance
8.5.0-000
ciscoemail_security_appliance
8.5.0-er1-198
ciscoemail_security_appliance
8.5.1-021
ciscoweb_security_appliance
7.7.0-608
ciscoweb_security_appliance
7.7.5-835
ciscoweb_security_appliance
8.8.0-000
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94791
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos
http://www.securityfocus.com/bid/94791
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos