{"containers": {"cna": {"affected": [{"product": "Cisco AsyncOS through 9.7.0-125", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AsyncOS through 9.7.0-125"}]}], "datePublic": "2016-10-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1037122", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037122"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"name": "93907", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93907"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6356", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AsyncOS through 9.7.0-125", "version": {"version_data": [{"version_value": "Cisco AsyncOS through 9.7.0-125"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "1037122", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037122"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"name": "93907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93907"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:19.250Z"}, "title": "CVE Program Container", "references": [{"name": "1037122", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037122"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"name": "93907", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93907"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6356", "datePublished": "2016-10-28T10:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:19.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:3.3.1-09:*:*:*:*:*:*:*", "matchCriteriaId": "B447F5BF-B930-412C-BB5B-76FB59F2131F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CD539F0-FB4C-43BB-B84D-8EB2D5780C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0119B5B-0DE1-40DE-B987-5BD090C46396", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C9B9EA8-AC3E-46B5-9E1A-C5CDA49C2417", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3584055D-21D7-4701-A6DA-3A42037C235D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "98F65C35-8F6C-443A-8A70-507E2BECE434", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C08DF98F-D463-444A-9C99-3D9F598AD35D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B46B14-F730-4C19-B990-7A97180A6B76", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "47B559C5-4D63-4F19-B52D-71AE2D057983", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A024420-2138-45C2-A1B1-D9E6C421CC43", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B7861DE-6DC4-445E-B881-E731E78C933E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C1883A6-FD4A-4E06-AA83-C2E1035C5BE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "8209F5B3-2F65-4976-86CE-8C3F92D6D053", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:*", "matchCriteriaId": "11E2D3BA-C2EF-4178-B1EA-0E2318DAFE37", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "048157E8-DC18-47D6-8061-6D209C4B640A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "C970A35B-04DD-45A4-A739-585ACEE496AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.1-gpl-022:*:*:*:*:*:*:*", "matchCriteriaId": "FCC3BF72-7CD4-47F8-B98F-7D61802A22BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "82842FC8-6041-4FD6-AA4B-818052798F01", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.3-000:*:*:*:*:*:*:*", "matchCriteriaId": "AA18CA46-D4FA-48C8-A632-9C618C4C647C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:*", "matchCriteriaId": "CD7AD8D8-C690-47C6-8A58-8499266F9659", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.7.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "E6096CDB-3908-4E75-A9B6-285738C582B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.7.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "38B13FE0-91B3-48AC-83D5-839E9C49AF10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F11D078-2A4A-40C2-8DBA-3A9529355245", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.8.0-311:*:*:*:*:*:*:*", "matchCriteriaId": "6B9C47AD-38DA-44BE-8868-A21F93332783", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*", "matchCriteriaId": "5FABFD96-9076-4838-A775-7DA478214760", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "6D070904-FF6A-4356-A6B9-FC572CF4ADEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*", "matchCriteriaId": "0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:*", "matchCriteriaId": "A511EEC7-A7B4-46A0-9182-42B6FFB0E103", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:*", "matchCriteriaId": "2E8A45A9-0835-4F4D-99D1-4E894EE95B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*", "matchCriteriaId": "C69F7FA3-F8FD-430F-B70C-FBFC3C1A2D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:*", "matchCriteriaId": "5EFD829C-2BA8-4EA6-A846-74776A05D105", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:*", "matchCriteriaId": "1A831B2A-A23C-4BB4-B64C-ADD2C77D96E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:*", "matchCriteriaId": "46895808-4225-42FB-BA8B-12ADFADAB4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54E7090B-6FB0-4161-8534-BD2561B1C203", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "62CA88FC-047E-4EA4-B3E9-E903DD1892CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A4A2C13-FB68-4DAD-AC0E-A90260655F33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "B574E66D-783A-48E6-A04A-16E0B1A56EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*", "matchCriteriaId": "CE973E6A-4BE5-44D7-9E66-B966377F2315", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE6412D3-E788-45F8-B4E5-4795CD88F3C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*", "matchCriteriaId": "79408E18-14BE-486A-AAD1-95A3871CCD21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*", "matchCriteriaId": "44F4ABDB-16DC-4D8F-B2D8-9724133F40BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*", "matchCriteriaId": "F8A2F388-FFE1-43BD-A9B6-D21043F86AA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "57F398CF-66B8-4BE1-8586-1DCD1FF8C3C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "9EF05089-FDC2-4D78-9949-B313A11A3FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*", "matchCriteriaId": "22602224-5873-4B62-A3B4-66B9E590B73E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:*", "matchCriteriaId": "2C301DE3-99C7-415A-9D1B-8DDD00E4E5D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA369D6F-7011-49CF-B0E7-D1B7A2D1B719", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*", "matchCriteriaId": "5D328123-3F80-4686-A464-574CDFF67247", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "C17D2028-25C5-4234-8723-7040DCFBEE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*", "matchCriteriaId": "EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*", "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*", "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*", "matchCriteriaId": "61E682A3-28D4-4163-B047-DAD05D404128", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*", "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047."}, {"lang": "es", "value": "Una vulnerabilidad en la caracter\u00edstica de filtrado de mensajes de email de Cisco AsyncOS Software para Cisco Email Security Appliances podr\u00eda permitir a un atacante remoto no autenticado provocar que el dispositivo afectado pare el escaneo y reenv\u00ede mensajes de email debido a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Productos afectados: Esta vulnerabilidad afecta a todas las versiones previas a la primera versi\u00f3n fija de Cisco AsyncOS Software para Cisco Email Security Appliances, ambos dispositivos virtuales y hardware, si el software est\u00e1 configurado para aplicar un filtro de mensajes o un filtro de contenido a los adjuntos de mails entrantes. La vulnerabilidad no est\u00e1 limitada a reglas o acciones espec\u00edficas del filtro de mensajes o del filtro de contenido. M\u00e1s informaci\u00f3n: CSCuz63143. Lanzamientos conocidos afectados: 8.5.7-042 9.7.0-125. Lanzamientos conocidos solucionados: 10.0.0-125 9.1.1-038 9.7.2-047."}], "id": "CVE-2016-6356", "lastModified": "2024-11-21T02:55:58.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-28T10:59:06.587", "references": [{"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/93907"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1037122"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}