Vulnerabilities > CVE-2016-1438 - 7PK - Security Features vulnerability in Cisco Asyncos 9.7.0125

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

cisco

CWE-254

NVD

Published: 2016-06-23

Updated: 2018-10-30

Summary

Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Asyncos 9.7.0-125 Cisco Email Security Appliance Firmware -	2

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-esa
http://www.securitytracker.com/id/1036156