CVE-2016-6458
https://notcve.org/view.php?id=CVE-2016-6458
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066. • http://www.securityfocus.com/bid/94074 http://www.securitytracker.com/id/1037182 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa • CWE-20: Improper Input Validation •
CVE-2016-6372
https://notcve.org/view.php?id=CVE-2016-6372
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. • http://www.securityfocus.com/bid/93911 http://www.securitytracker.com/id/1037118 http://www.securitytracker.com/id/1037119 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2 • CWE-20: Improper Input Validation •
CVE-2016-6357
https://notcve.org/view.php?id=CVE-2016-6357
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Una vulnerabilidad en las políticas de seguridad configuradas, incluida la caída del filtrado de email, en Cisco AsyncOS para Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado eludir una caída de filtrado configurada utilizando un email con un adjunto corrupto. Más información: CSCuz01651. • http://www.securityfocus.com/bid/93909 http://www.securitytracker.com/id/1037114 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5 • CWE-388: 7PK - Errors •
CVE-2016-6358
https://notcve.org/view.php?id=CVE-2016-6358
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. Una vulnerabilidad en FTP local a Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) parcial cuando la aplicación FTP se cierra inesperadamente. • http://www.securityfocus.com/bid/93905 http://www.securitytracker.com/id/1037115 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6 • CWE-20: Improper Input Validation •
CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance (WSA) 9.0.0-162 hasta la versión 9.5.0-444 y dispositivos Content Security Management Appliance (SMA) permite a atacantes remotos provocar una denegación de servicio a través de inundación de tráfico FTP, vulnerabilidad también conocida como Bug IDs CSCuz82907, CSCuz84330 y CSCuz86065. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos http://www.securityfocus.com/bid/93198 http://www.securitytracker.com/id/1036915 http://www.securitytracker.com/id/1036916 http://www.securitytracker.com/id/1036917 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •