CVE Vulnerabilities

CVE-2016-1411

Published: Dec 14, 2016 | Modified: Dec 15, 2016
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.

Affected Software

Name Vendor Start Version End Version
Content_security_management_appliance Cisco 9.1.0 (including) 9.1.0 (including)
Content_security_management_appliance Cisco 9.1.0-004 (including) 9.1.0-004 (including)
Content_security_management_appliance Cisco 9.1.0-031 (including) 9.1.0-031 (including)
Content_security_management_appliance Cisco 9.1.0-033 (including) 9.1.0-033 (including)
Content_security_management_appliance Cisco 9.1.0-103 (including) 9.1.0-103 (including)
Content_security_management_appliance Cisco 9.6.0 (including) 9.6.0 (including)
Email_security_appliance Cisco 7.5.2-201 (including) 7.5.2-201 (including)
Email_security_appliance Cisco 7.5.2-hp2-303 (including) 7.5.2-hp2-303 (including)
Email_security_appliance Cisco 7.6.3-025 (including) 7.6.3-025 (including)
Email_security_appliance Cisco 8.0.1-023 (including) 8.0.1-023 (including)
Email_security_appliance Cisco 8.5.0-000 (including) 8.5.0-000 (including)
Email_security_appliance Cisco 8.5.0-er1-198 (including) 8.5.0-er1-198 (including)
Email_security_appliance Cisco 8.5.1-021 (including) 8.5.1-021 (including)
Web_security_appliance Cisco 7.7.0-608 (including) 7.7.0-608 (including)
Web_security_appliance Cisco 7.7.5-835 (including) 7.7.5-835 (including)
Web_security_appliance Cisco 8.8.0-000 (including) 8.8.0-000 (including)

References