What is the severity of CVE-2016-6406?

CVE-2016-6406 is classified as a high severity vulnerability due to the potential for remote attackers to gain root access.

How do I fix CVE-2016-6406?

To fix CVE-2016-6406, upgrade the Cisco Email Security Appliance to a version that is 1.0.2-065 or later for the Enrollment Client.

What systems are affected by CVE-2016-6406?

CVE-2016-6406 affects Cisco Email Security Appliance devices running specific AsyncOS versions listed in the vulnerability details.

Can CVE-2016-6406 be exploited remotely?

Yes, CVE-2016-6406 can be exploited remotely by attackers who establish a connection to the affected devices.

What are the potential impacts of CVE-2016-6406?

The potential impacts of CVE-2016-6406 include unauthorized access and control over the affected Cisco Email Security Appliances.

Vulnerability/
CVE-2016-6406

critical

CWE

264

22/9/2016

6/8/2024

CVE-2016-6406

First published: Thu Sep 22 2016(Updated: )

Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco AsyncOS Software for Cisco Email Security Appliances	=9.1.2-023
Cisco AsyncOS Software for Cisco Email Security Appliances	=9.1.2-028
Cisco AsyncOS Software for Cisco Email Security Appliances	=9.1.2-036
Cisco AsyncOS Software for Cisco Email Security Appliances	=9.7.2-046
Cisco AsyncOS Software for Cisco Email Security Appliances	=9.7.2-047
Cisco AsyncOS Software for Cisco Email Security Appliances	=9.7.2-054
Cisco AsyncOS Software for Cisco Email Security Appliances	=10.0.0-124
Cisco AsyncOS Software for Cisco Email Security Appliances	=10.0.0-125

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6406?
CVE-2016-6406 is classified as a high severity vulnerability due to the potential for remote attackers to gain root access.
How do I fix CVE-2016-6406?
To fix CVE-2016-6406, upgrade the Cisco Email Security Appliance to a version that is 1.0.2-065 or later for the Enrollment Client.
What systems are affected by CVE-2016-6406?
CVE-2016-6406 affects Cisco Email Security Appliance devices running specific AsyncOS versions listed in the vulnerability details.
Can CVE-2016-6406 be exploited remotely?
Yes, CVE-2016-6406 can be exploited remotely by attackers who establish a connection to the affected devices.
What are the potential impacts of CVE-2016-6406?
The potential impacts of CVE-2016-6406 include unauthorized access and control over the affected Cisco Email Security Appliances.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/last-modified-date
agent/author
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco asyncos software for cisco email security appliances
version/cisco asyncos software for cisco email security appliances/9.1.2-023
version/cisco asyncos software for cisco email security appliances/9.1.2-028
version/cisco asyncos software for cisco email security appliances/9.1.2-036
version/cisco asyncos software for cisco email security appliances/9.7.2-046
version/cisco asyncos software for cisco email security appliances/9.7.2-047
version/cisco asyncos software for cisco email security appliances/9.7.2-054
version/cisco asyncos software for cisco email security appliances/10.0.0-124
version/cisco asyncos software for cisco email security appliances/10.0.0-125