← Back

CVE-2016-6416

nvd nist
Published: Oct 5, 2016Modified: May 6, 2026

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

Affected (21)

Cisco
3 products
Content Security Management Appliance
Email Security Appliance
Web Security Appliance
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Content Security Management Appliance
Version 9.1.0-004
Content Security Management Appliance
Version 9.1.0-031
Content Security Management Appliance
Version 9.1.0-033
Content Security Management Appliance
Version 9.1.0-103
Content Security Management Appliance
Version 9.1.0
Content Security Management Appliance
Version 9.5.0
Content Security Management Appliance
Version 9.6.0
Cisco
Email Security Appliance
Version 9.6.0-000
Email Security Appliance
Version 9.6.0-042
Email Security Appliance
Version 9.6.0-051
Email Security Appliance
Version 9.7.1-066
Email Security Appliance
Version 9.9.6-026
Email Security Appliance
Version 9.9_base
Cisco
Web Security Appliance
Version 9.0.0-162
Web Security Appliance
Version 9.1.0-000
Web Security Appliance
Version 9.1.0-070
Web Security Appliance
Version 9.1_base
Web Security Appliance
Version 9.5.0-235
Web Security Appliance
Version 9.5.0-284
Web Security Appliance
Version 9.5.0-444
Web Security Appliance
Version 9.5_base

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.