CVE-2016-6358
https://notcve.org/view.php?id=CVE-2016-6358
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. Una vulnerabilidad en FTP local a Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) parcial cuando la aplicación FTP se cierra inesperadamente. • http://www.securityfocus.com/bid/93905 http://www.securitytracker.com/id/1037115 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6 • CWE-20: Improper Input Validation •
CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance (WSA) 9.0.0-162 hasta la versión 9.5.0-444 y dispositivos Content Security Management Appliance (SMA) permite a atacantes remotos provocar una denegación de servicio a través de inundación de tráfico FTP, vulnerabilidad también conocida como Bug IDs CSCuz82907, CSCuz84330 y CSCuz86065. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos http://www.securityfocus.com/bid/93198 http://www.securitytracker.com/id/1036915 http://www.securitytracker.com/id/1036916 http://www.securitytracker.com/id/1036917 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •