{"containers": {"cna": {"affected": [{"product": "Cisco AsyncOS through 9.7.1-066", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AsyncOS through 9.7.1-066"}]}], "datePublic": "2016-10-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"name": "1037124", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037124"}, {"name": "93906", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93906"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1486", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AsyncOS through 9.7.1-066", "version": {"version_data": [{"version_value": "Cisco AsyncOS through 9.7.1-066"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"name": "1037124", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037124"}, {"name": "93906", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93906"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"name": "1037124", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037124"}, {"name": "93906", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93906"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1486", "datePublished": "2016-10-28T10:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*", "matchCriteriaId": "0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:*", "matchCriteriaId": "A511EEC7-A7B4-46A0-9182-42B6FFB0E103", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:*", "matchCriteriaId": "2E8A45A9-0835-4F4D-99D1-4E894EE95B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*", "matchCriteriaId": "C69F7FA3-F8FD-430F-B70C-FBFC3C1A2D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:*", "matchCriteriaId": "5EFD829C-2BA8-4EA6-A846-74776A05D105", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:*", "matchCriteriaId": "1A831B2A-A23C-4BB4-B64C-ADD2C77D96E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:*", "matchCriteriaId": "46895808-4225-42FB-BA8B-12ADFADAB4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54E7090B-6FB0-4161-8534-BD2561B1C203", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.6.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "62CA88FC-047E-4EA4-B3E9-E903DD1892CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A4A2C13-FB68-4DAD-AC0E-A90260655F33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "B574E66D-783A-48E6-A04A-16E0B1A56EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.9.2-032:*:*:*:*:*:*:*", "matchCriteriaId": "CE973E6A-4BE5-44D7-9E66-B966377F2315", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE6412D3-E788-45F8-B4E5-4795CD88F3C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-212:*:*:*:*:*:*:*", "matchCriteriaId": "79408E18-14BE-486A-AAD1-95A3871CCD21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.0-461:*:*:*:*:*:*:*", "matchCriteriaId": "44F4ABDB-16DC-4D8F-B2D8-9724133F40BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.0.5-000:*:*:*:*:*:*:*", "matchCriteriaId": "F8A2F388-FFE1-43BD-A9B6-D21043F86AA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "57F398CF-66B8-4BE1-8586-1DCD1FF8C3C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-011:*:*:*:*:*:*:*", "matchCriteriaId": "9EF05089-FDC2-4D78-9949-B313A11A3FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-032:*:*:*:*:*:*:*", "matchCriteriaId": "22602224-5873-4B62-A3B4-66B9E590B73E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.0-101:*:*:*:*:*:*:*", "matchCriteriaId": "2C301DE3-99C7-415A-9D1B-8DDD00E4E5D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.1.1-000:*:*:*:*:*:*:*", "matchCriteriaId": "8F0298F5-CE72-4A8A-9AA9-5770BE6081F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA369D6F-7011-49CF-B0E7-D1B7A2D1B719", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*", "matchCriteriaId": "5D328123-3F80-4686-A464-574CDFF67247", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "C17D2028-25C5-4234-8723-7040DCFBEE92", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*", "matchCriteriaId": "EF846D4C-F7A2-4C27-A2A3-CFE5E76DE5F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*", "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*", "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*", "matchCriteriaId": "61E682A3-28D4-4163-B047-DAD05D404128", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de escaneo de adjuntos de email de la caracter\u00edstica Advanced Malware Protection (AMP) de Cisco AsyncOS Software para Cisco Email Security Appliances podr\u00eda permitir a un atacante remoto no autenticado provocar que el dispositivo afectado pare el escaneo y reenv\u00ede mensajes de email debido a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Productos afectados: Esta vulnerabilidad afecta a las versiones Cisco AsyncOS Software releases 9.7.1 y posteriores, previas a la primera versi\u00f3n fija, ambos dispositivos virtuales y hardware Cisco Email Security Appliances, si la caracter\u00edstica AMP est\u00e1 configurada para escanear los adjuntos de mails entrantes. M\u00e1s informaci\u00f3n: CSCuy99453. Lanzamientos conocidos afectados: 9.7.1-066. Lanzamientos conocidos solucionados: 10.0.0-125 9.7.1-207 9.7.2-047."}], "id": "CVE-2016-1486", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-28T10:59:05.197", "references": [{"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/93906"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1037124"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}