CVE-2016-6360 - Vulnerability Details

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Email Security Appliance Web Security Appliance

Configuration 1 [-]

OR	cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:::::::*
	cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:::::::*
	cpe:2.3:a:cisco:web_security_appliance:8.8.0-085:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.0_base:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.0-000:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1.0-070:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.1_base:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5.0-235:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5.0-284:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5.0-444:::::::*
	cpe:2.3:a:cisco:web_security_appliance:9.5_base:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/93910
http://www.securitytracker.com/id/1037120
http://www.securitytracker.com/id/1037121
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-10-28T10:00:00

Updated: 2024-08-06T01:29:19.466Z

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6360

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-10-28T10:59:10.213

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-6360

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object