CVE-2016-6406
Published Sep 22, 2016
Last updated 7 years ago
Overview
- Description
- Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.2-023:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B152A955-9D6A-4003-9A8A-0221B48D539B"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.2-028:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7447CA85-BCB7-4372-BAA2-03CA70ACCD4E"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.2-036:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C165A44-2A55-4216-83DB-8FFA200077F0"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-046:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "643A1573-29B5-4DD4-94D5-AF64ACCDFF11"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-047:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD833960-F2F6-4F48-BBA6-0FC77D3A1A6B"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-054:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB717827-4F97-4697-A991-4522558BE51F"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-124:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61539DE3-591F-4CAA-889B-654037A07DC4"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-125:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C4E4BBD-F14C-4573-B771-FA0303A6220C"
}
],
"operator": "OR"
}
]
}
]