CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6462
https://notcve.org/view.php?id=CVE-2016-6462
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. • http://www.securityfocus.com/bid/94360 http://www.securitytracker.com/id/1037307 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6463
https://notcve.org/view.php?id=CVE-2016-6463
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. • http://www.securityfocus.com/bid/94363 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6458
https://notcve.org/view.php?id=CVE-2016-6458
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066. • http://www.securityfocus.com/bid/94074 http://www.securitytracker.com/id/1037182 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6406
https://notcve.org/view.php?id=CVE-2016-6406
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124 y 10.0.0-125 en dispositivos Email Security Appliance (ESA), cuando se instala Enrollment Client en versiones anteriores a 1.0.2-065, permite a atacantes remotos obtener acceso root a través de una conexión a la interfaz testing/debugging, vulnerabilidad también conocida como Bug ID CSCvb26017. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa http://www.securityfocus.com/bid/93116 http://www.securitytracker.com/id/1036881 • CWE-264: Permissions, Privileges, and Access Controls •