{"containers": {"cna": {"affected": [{"product": "Cisco AsyncOS 10.0.0-125 and 9.7.1-066", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AsyncOS 10.0.0-125 and 9.7.1-066"}]}], "datePublic": "2016-11-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1037182", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037182"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa"}, {"name": "94074", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94074"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-6458", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AsyncOS 10.0.0-125 and 9.7.1-066", "version": {"version_data": [{"version_value": "Cisco AsyncOS 10.0.0-125 and 9.7.1-066"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "1037182", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037182"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa"}, {"name": "94074", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94074"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:20.094Z"}, "title": "CVE Program Container", "references": [{"name": "1037182", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037182"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa"}, {"name": "94074", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94074"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-6458", "datePublished": "2016-11-19T02:45:00.000Z", "dateReserved": "2016-07-26T00:00:00.000Z", "dateUpdated": "2024-08-06T01:29:20.094Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.1-066:*:*:*:*:*:*:*", "matchCriteriaId": "9F09AFAB-9F02-4B39-8117-BAA56A434289", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-046:*:*:*:*:*:*:*", "matchCriteriaId": "643A1573-29B5-4DD4-94D5-AF64ACCDFF11", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-047:*:*:*:*:*:*:*", "matchCriteriaId": "FD833960-F2F6-4F48-BBA6-0FC77D3A1A6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-054:*:*:*:*:*:*:*", "matchCriteriaId": "CB717827-4F97-4697-A991-4522558BE51F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.9.6-026:*:*:*:*:*:*:*", "matchCriteriaId": "A0958602-8C88-4E0E-8720-F4D7AB7692AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.9_base:*:*:*:*:*:*:*", "matchCriteriaId": "1BED571D-4B55-4526-8055-0848F27F1ACC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-124:*:*:*:*:*:*:*", "matchCriteriaId": "61539DE3-591F-4CAA-889B-654037A07DC4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-125:*:*:*:*:*:*:*", "matchCriteriaId": "7C4E4BBD-F14C-4573-B771-FA0303A6220C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de filtrado de contenido de Software Cisco AsyncOS para Cisco Email Security Appliances podr\u00eda permitir a un atacante remoto no autenticado eludir los filtros de contenido configurados en un dispositivo afectado. El correo electr\u00f3nico que deber\u00eda haber sido filtrado podr\u00eda ser reenviado por el dispositivo. Esta vulnerabilidad afecta a todas las versiones anteriores a la primera versi\u00f3n solucionada del Software de Cisco AsyncOS para Cisco Email Security Appliances, tanto dispositivos virtual como hardware, si el software est\u00e1 configurado para utilizar un filtro de contenido para archivos adjuntos de correo electr\u00f3nico que son protegidos o cifrados. M\u00e1s informaci\u00f3n: CSCva52546. Lanzamientos conocidos afectados: 10.0.0-125 9.7.1-066."}], "id": "CVE-2016-6458", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-19T03:03:01.383", "references": [{"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/94074"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1037182"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}