Home

CVE-2016-6360

Description

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.361

Associated Vulnerability

VulnerabilityOS Platform
Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability For Cisco IronPort Email Security Appliance SoftwareNCM
Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability For Cisco IronPort Web Security Appliance SoftwareNCM
Improper Input Validation Vulnerability (CVE-2016-6360)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706003Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131
PATCH-1706023Security Update for Cisco IronPort Web Security Appliance Software 9.1.2-010

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234