CVE-2016-1411
Description
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201, 7.6.3-025, 8.0.1-023, 8.5.0-000, 8.5.0-ER1-198, 7.5.2-HP2-303, 7.7.0-608, 7.7.5-835, 8.5.1-021, 8.8.0-000, 7.9.1-102, 8.0.0-404, 8.1.1-013, 8.2.0-222. Known Fixed Releases: 8.0.2-069, 8.0.2-074, 8.5.7-042, 9.1.0-032, 8.5.2-027, 9.6.1-019.
Risk Information
Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 0.224
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability For Cisco IronPort Email Security Appliance Software | NCM |
| Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability For Cisco IronPort Web Security Appliance Software | NCM |
| Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability For Cisco IronPort Security Management Appliance Software | NCM |
| CVE-2016-1411 | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1706003 | Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131 |
| PATCH-1706023 | Security Update for Cisco IronPort Web Security Appliance Software 9.1.2-010 |
| PATCH-1706033 | Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234