What is the severity of CVE-2016-6356?

CVE-2016-6356 is rated as critical due to its potential for causing a denial of service condition.

How do I fix CVE-2016-6356?

To fix CVE-2016-6356, upgrade to a fixed version of the Cisco Email Security Appliance Firmware as recommended in the advisories.

Which Cisco Email Security Appliance versions are affected by CVE-2016-6356?

CVE-2016-6356 affects multiple versions, including 3.3.1-09 and various versions from 7.1.0 to 9.7.1-066.

What kind of attack does CVE-2016-6356 allow?

CVE-2016-6356 allows an unauthenticated remote attacker to disrupt email scanning and forwarding services.

Is there a workaround for CVE-2016-6356?

No specific workarounds are provided for CVE-2016-6356, hence upgrading firmware is recommended.

Vulnerability/
CVE-2016-6356

high

7.8

CWE

28/10/2016

6/8/2024

CVE-2016-6356: Input Validation

First published: Fri Oct 28 2016(Updated: )

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Email Security Appliance Firmware	=3.3.1-09
Cisco Email Security Appliance Firmware	=7.1.0
Cisco Email Security Appliance Firmware	=7.1.1
Cisco Email Security Appliance Firmware	=7.1.2
Cisco Email Security Appliance Firmware	=7.1.3
Cisco Email Security Appliance Firmware	=7.1.4
Cisco Email Security Appliance Firmware	=7.1.5
Cisco Email Security Appliance Firmware	=7.3.0
Cisco Email Security Appliance Firmware	=7.3.1
Cisco Email Security Appliance Firmware	=7.3.2
Cisco Email Security Appliance Firmware	=7.5.0
Cisco Email Security Appliance Firmware	=7.5.1
Cisco Email Security Appliance Firmware	=7.5.2
Cisco Email Security Appliance Firmware	=7.5.2-201
Cisco Email Security Appliance Firmware	=7.6.0
Cisco Email Security Appliance Firmware	=7.6.1-000
Cisco Email Security Appliance Firmware	=7.6.1-gpl-022
Cisco Email Security Appliance Firmware	=7.6.2
Cisco Email Security Appliance Firmware	=7.6.3-000
Cisco Email Security Appliance Firmware	=7.6.3-025
Cisco Email Security Appliance Firmware	=7.7.0-000
Cisco Email Security Appliance Firmware	=7.7.1-000
Cisco Email Security Appliance Firmware	=7.8.0
Cisco Email Security Appliance Firmware	=7.8.0-311
Cisco Email Security Appliance Firmware	=8.0.1-023
Cisco Email Security Appliance Firmware	=8.0_base
Cisco Email Security Appliance Firmware	=8.5.0-000
Cisco Email Security Appliance Firmware	=8.5.0-er1-198
Cisco Email Security Appliance Firmware	=8.5.6-052
Cisco Email Security Appliance Firmware	=8.5.6-073
Cisco Email Security Appliance Firmware	=8.5.6-074
Cisco Email Security Appliance Firmware	=8.5.6-106
Cisco Email Security Appliance Firmware	=8.5.6-113
Cisco Email Security Appliance Firmware	=8.5.7-042
Cisco Email Security Appliance Firmware	=8.6.0
Cisco Email Security Appliance Firmware	=8.6.0-011
Cisco Email Security Appliance Firmware	=8.9.0
Cisco Email Security Appliance Firmware	=8.9.1-000
Cisco Email Security Appliance Firmware	=8.9.2-032
Cisco Email Security Appliance Firmware	=9.0.0
Cisco Email Security Appliance Firmware	=9.0.0-212
Cisco Email Security Appliance Firmware	=9.0.0-461
Cisco Email Security Appliance Firmware	=9.0.5-000
Cisco Email Security Appliance Firmware	=9.1.0
Cisco Email Security Appliance Firmware	=9.1.0-011
Cisco Email Security Appliance Firmware	=9.1.0-032
Cisco Email Security Appliance Firmware	=9.1.0-101
Cisco Email Security Appliance Firmware	=9.4.0
Cisco Email Security Appliance Firmware	=9.4.4-000
Cisco Email Security Appliance Firmware	=9.5.0-000
Cisco Email Security Appliance Firmware	=9.5.0-201
Cisco Email Security Appliance Firmware	=9.6.0-000
Cisco Email Security Appliance Firmware	=9.6.0-042
Cisco Email Security Appliance Firmware	=9.6.0-051
Cisco Email Security Appliance Firmware	=9.7.0-125
Cisco Email Security Appliance Firmware	=9.7.1-066

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6356?
CVE-2016-6356 is rated as critical due to its potential for causing a denial of service condition.
How do I fix CVE-2016-6356?
To fix CVE-2016-6356, upgrade to a fixed version of the Cisco Email Security Appliance Firmware as recommended in the advisories.
Which Cisco Email Security Appliance versions are affected by CVE-2016-6356?
CVE-2016-6356 affects multiple versions, including 3.3.1-09 and various versions from 7.1.0 to 9.7.1-066.
What kind of attack does CVE-2016-6356 allow?
CVE-2016-6356 allows an unauthenticated remote attacker to disrupt email scanning and forwarding services.
Is there a workaround for CVE-2016-6356?
No specific workarounds are provided for CVE-2016-6356, hence upgrading firmware is recommended.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/weakness
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco email security appliance firmware
version/cisco email security appliance firmware/3.3.1-09
version/cisco email security appliance firmware/7.1.0
version/cisco email security appliance firmware/7.1.1
version/cisco email security appliance firmware/7.1.2
version/cisco email security appliance firmware/7.1.3
version/cisco email security appliance firmware/7.1.4
version/cisco email security appliance firmware/7.1.5
version/cisco email security appliance firmware/7.3.0
version/cisco email security appliance firmware/7.3.1
version/cisco email security appliance firmware/7.3.2
version/cisco email security appliance firmware/7.5.0
version/cisco email security appliance firmware/7.5.1
version/cisco email security appliance firmware/7.5.2
version/cisco email security appliance firmware/7.5.2-201
version/cisco email security appliance firmware/7.6.0
version/cisco email security appliance firmware/7.6.1-000
version/cisco email security appliance firmware/7.6.1-gpl-022
version/cisco email security appliance firmware/7.6.2
version/cisco email security appliance firmware/7.6.3-000
version/cisco email security appliance firmware/7.6.3-025
version/cisco email security appliance firmware/7.7.0-000
version/cisco email security appliance firmware/7.7.1-000
version/cisco email security appliance firmware/7.8.0
version/cisco email security appliance firmware/7.8.0-311
version/cisco email security appliance firmware/8.0.1-023
version/cisco email security appliance firmware/8.0_base
version/cisco email security appliance firmware/8.5.0-000
version/cisco email security appliance firmware/8.5.0-er1-198
version/cisco email security appliance firmware/8.5.6-052
version/cisco email security appliance firmware/8.5.6-073
version/cisco email security appliance firmware/8.5.6-074
version/cisco email security appliance firmware/8.5.6-106
version/cisco email security appliance firmware/8.5.6-113
version/cisco email security appliance firmware/8.5.7-042
version/cisco email security appliance firmware/8.6.0
version/cisco email security appliance firmware/8.6.0-011
version/cisco email security appliance firmware/8.9.0
version/cisco email security appliance firmware/8.9.1-000
version/cisco email security appliance firmware/8.9.2-032
version/cisco email security appliance firmware/9.0.0
version/cisco email security appliance firmware/9.0.0-212
version/cisco email security appliance firmware/9.0.0-461
version/cisco email security appliance firmware/9.0.5-000
version/cisco email security appliance firmware/9.1.0
version/cisco email security appliance firmware/9.1.0-011
version/cisco email security appliance firmware/9.1.0-032
version/cisco email security appliance firmware/9.1.0-101
version/cisco email security appliance firmware/9.4.0
version/cisco email security appliance firmware/9.4.4-000
version/cisco email security appliance firmware/9.5.0-000
version/cisco email security appliance firmware/9.5.0-201
version/cisco email security appliance firmware/9.6.0-000
version/cisco email security appliance firmware/9.6.0-042
version/cisco email security appliance firmware/9.6.0-051
version/cisco email security appliance firmware/9.7.0-125
version/cisco email security appliance firmware/9.7.1-066

CVE-2016-6356: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6356?

How do I fix CVE-2016-6356?

Which Cisco Email Security Appliance versions are affected by CVE-2016-6356?

What kind of attack does CVE-2016-6356 allow?

Is there a workaround for CVE-2016-6356?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-6356?

How do I fix CVE-2016-6356?

Which Cisco Email Security Appliance versions are affected by CVE-2016-6356?

What kind of attack does CVE-2016-6356 allow?

Is there a workaround for CVE-2016-6356?