CVE-2016-6416

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

CVSS v3.0 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos	Vendor Advisory
http://www.securityfocus.com/bid/93198
http://www.securitytracker.com/id/1036917
http://www.securitytracker.com/id/1036916
http://www.securitytracker.com/id/1036915

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.9_base:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5.0-235:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5.0-284:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:::::::*
	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:::::::*
	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:::::::*
	cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5_base:::::::*
	cpe:2.3:a:cisco:content_security_management_appliance:9.5.0:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:::::::*
	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1_base:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.0-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.0-070:::::::*
	cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5.0-444:::::::*

Information

Published : 2016-10-05 10:59

Updated : 2017-07-29 18:29

NVD link : CVE-2016-6416

Mitre link : CVE-2016-6416

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

cisco

content_security_management_appliance
email_security_appliance
web_security_appliance

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-6416

5.9^/10

4.3^/10

Attach tags to `CVE-2016-6416`