CVE-2016-6458: Input Validation
First published: Sat Nov 19 2016(Updated: )
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Email Security Appliance Firmware | =9.7.1-066 | |
| Cisco Email Security Appliance Firmware | =9.7.2-046 | |
| Cisco Email Security Appliance Firmware | =9.7.2-047 | |
| Cisco Email Security Appliance Firmware | =9.7.2-054 | |
| Cisco Email Security Appliance Firmware | =9.9.6-026 | |
| Cisco Email Security Appliance Firmware | =9.9_base | |
| Cisco Email Security Appliance Firmware | =10.0.0-124 | |
| Cisco Email Security Appliance Firmware | =10.0.0-125 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6458?
CVE-2016-6458 is classified as a medium severity vulnerability.
How do I fix CVE-2016-6458?
To fix CVE-2016-6458, update the Cisco Email Security Appliance firmware to a version that addresses the vulnerability.
Which versions of Cisco Email Security Appliance are affected by CVE-2016-6458?
CVE-2016-6458 affects Cisco Email Security Appliance firmware versions 9.7.1-066, 9.7.2-046, 9.7.2-047, 9.7.2-054, 9.9.6-026, 9.9_base, 10.0.0-124, and 10.0.0-125.
Can CVE-2016-6458 be exploited remotely?
Yes, CVE-2016-6458 can be exploited by an unauthenticated remote attacker.
What impact does CVE-2016-6458 have on email filtering?
CVE-2016-6458 allows email that should have been filtered to bypass the content filtering configured on affected devices.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco email security appliance firmware
- version/cisco email security appliance firmware/9.7.1-066
- version/cisco email security appliance firmware/9.7.2-046
- version/cisco email security appliance firmware/9.7.2-047
- version/cisco email security appliance firmware/9.7.2-054
- version/cisco email security appliance firmware/9.9.6-026
- version/cisco email security appliance firmware/9.9_base
- version/cisco email security appliance firmware/10.0.0-124
- version/cisco email security appliance firmware/10.0.0-125