CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6358
https://notcve.org/view.php?id=CVE-2016-6358
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. Una vulnerabilidad en FTP local a Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) parcial cuando la aplicación FTP se cierra inesperadamente. • http://www.securityfocus.com/bid/93905 http://www.securitytracker.com/id/1037115 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6357
https://notcve.org/view.php?id=CVE-2016-6357
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Una vulnerabilidad en las políticas de seguridad configuradas, incluida la caída del filtrado de email, en Cisco AsyncOS para Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado eludir una caída de filtrado configurada utilizando un email con un adjunto corrupto. Más información: CSCuz01651. • http://www.securityfocus.com/bid/93909 http://www.securitytracker.com/id/1037114 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5 • CWE-388: 7PK - Errors •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance (WSA) 9.0.0-162 hasta la versión 9.5.0-444 y dispositivos Content Security Management Appliance (SMA) permite a atacantes remotos provocar una denegación de servicio a través de inundación de tráfico FTP, vulnerabilidad también conocida como Bug IDs CSCuz82907, CSCuz84330 y CSCuz86065. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos http://www.securityfocus.com/bid/93198 http://www.securitytracker.com/id/1036915 http://www.securitytracker.com/id/1036916 http://www.securitytracker.com/id/1036917 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6406
https://notcve.org/view.php?id=CVE-2016-6406
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124 y 10.0.0-125 en dispositivos Email Security Appliance (ESA), cuando se instala Enrollment Client en versiones anteriores a 1.0.2-065, permite a atacantes remotos obtener acceso root a través de una conexión a la interfaz testing/debugging, vulnerabilidad también conocida como Bug ID CSCvb26017. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa http://www.securityfocus.com/bid/93116 http://www.securitytracker.com/id/1036881 • CWE-264: Permissions, Privileges, and Access Controls •