CVE-2016-6360

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
ciscoemail_security_appliance
9.5.0-000
ciscoemail_security_appliance
9.5.0-201
ciscoemail_security_appliance
9.6.0-000
ciscoemail_security_appliance
9.6.0-042
ciscoemail_security_appliance
9.6.0-051
ciscoemail_security_appliance
9.7.0-125
ciscoweb_security_appliance
8.8.0-085
ciscoweb_security_appliance
9.0.0-193
ciscoweb_security_appliance
9.0_base:_base
ciscoweb_security_appliance
9.1.0-000
ciscoweb_security_appliance
9.1.0-070
ciscoweb_security_appliance
9.1_base:_base
ciscoweb_security_appliance
9.5.0-235
ciscoweb_security_appliance
9.5.0-284
ciscoweb_security_appliance
9.5.0-444
ciscoweb_security_appliance
9.5_base:_base
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93910
http://www.securitytracker.com/id/1037120
http://www.securitytracker.com/id/1037121
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3
http://www.securityfocus.com/bid/93910
http://www.securitytracker.com/id/1037120
http://www.securitytracker.com/id/1037121
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3