CVE-2016-1423: XSS
First published: Fri Oct 28 2016(Updated: )
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Email Security Appliance Firmware | =8.9.0 | |
| Cisco Email Security Appliance Firmware | =8.9.1-000 | |
| Cisco Email Security Appliance Firmware | =8.9.2-032 | |
| Cisco Email Security Appliance Firmware | =9.0.0 | |
| Cisco Email Security Appliance Firmware | =9.0.0-212 | |
| Cisco Email Security Appliance Firmware | =9.0.0-461 | |
| Cisco Email Security Appliance Firmware | =9.0.5-000 | |
| Cisco Email Security Appliance Firmware | =9.1.0 | |
| Cisco Email Security Appliance Firmware | =9.1.0-011 | |
| Cisco Email Security Appliance Firmware | =9.1.0-032 | |
| Cisco Email Security Appliance Firmware | =9.1.0-101 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1423?
The severity of CVE-2016-1423 is classified as high due to its potential for remote exploitation.
How do I fix CVE-2016-1423?
To fix CVE-2016-1423, update the Cisco Email Security Appliance to a patched version provided by Cisco.
Which versions of Cisco Email Security Appliance are affected by CVE-2016-1423?
CVE-2016-1423 affects versions 8.9.0, 8.9.1-000, 8.9.2-032, and various versions of 9.0.0 and 9.1.0.
Can CVE-2016-1423 be exploited remotely?
Yes, CVE-2016-1423 can be exploited by an unauthenticated remote attacker.
What types of attacks can be executed using CVE-2016-1423?
Exploitation of CVE-2016-1423 can lead to phishing attacks, where users may be tricked into clicking malicious links.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco email security appliance firmware
- version/cisco email security appliance firmware/8.9.0
- version/cisco email security appliance firmware/8.9.1-000
- version/cisco email security appliance firmware/8.9.2-032
- version/cisco email security appliance firmware/9.0.0
- version/cisco email security appliance firmware/9.0.0-212
- version/cisco email security appliance firmware/9.0.0-461
- version/cisco email security appliance firmware/9.0.5-000
- version/cisco email security appliance firmware/9.1.0
- version/cisco email security appliance firmware/9.1.0-011
- version/cisco email security appliance firmware/9.1.0-032
- version/cisco email security appliance firmware/9.1.0-101