CVE-2016-1411

Published: Dec 14, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019.

Affected (16)

Products: Cisco: Content Security Management Appliance, Email Security Appliance, Web Security Appliance

Cisco

3 products

Content Security Management Appliance

Email Security Appliance

Web Security Appliance

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Cisco Content Security Management Appliance	Version 9.1.0-004
Cisco Content Security Management Appliance	Version 9.1.0-031
Cisco Content Security Management Appliance	Version 9.1.0-033
Cisco Content Security Management Appliance	Version 9.1.0-103
Cisco Content Security Management Appliance	Version 9.1.0
Cisco Content Security Management Appliance	Version 9.6.0
Cisco Email Security Appliance	Version 7.5.2-201
Cisco Email Security Appliance	Version 7.5.2-hp2-303
Cisco Email Security Appliance	Version 7.6.3-025
Cisco Email Security Appliance	Version 8.0.1-023
Cisco Email Security Appliance	Version 8.5.0-000
Cisco Email Security Appliance	Version 8.5.0-er1-198
Cisco Email Security Appliance	Version 8.5.1-021
Cisco Web Security Appliance	Version 7.7.0-608
Cisco Web Security Appliance	Version 7.7.5-835
Cisco Web Security Appliance	Version 8.8.0-000

Related CWEs

CWE-310

References (4)

http://www.securityfocus.com/bid/94791

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/94791

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.