CVE-2016-6416

Published Oct 5, 2016

Last updated 8 years ago

CVSS medium 5.9

Overview

Description: The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07DCBDF0-1E0D-420C-A0BA-2C4C38D13D76"
          },
          {
            "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F40DB32E-31F8-44B2-896E-26232EA41873"
          },
          {
            "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B68AE1E-AD02-465E-AC86-FF23591D3882"
          },
          {
            "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA33E2AF-87FE-4F04-AC02-98068C81D92D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F57F5AB-DA2D-49AC-8C61-DD06DF9E8E12"
          },
          {
            "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B272AFD-80B1-43C3-AE0F-CBD9A9ED2581"
          },
          {
            "criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D122AF7B-1195-4F83-B8CC-50E22C4417C3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98D691BA-8205-4C49-851B-2FDC1F22F641"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED373FBD-1BB7-4532-946F-9DA2DF33A8D1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A450E5F-D02B-4F4D-9844-794D6A39D923"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F508B007-27AD-483F-B220-B62C84892617"
          },
          {
            "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.9_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B95BBCED-65C8-4433-884B-0088B8B15E71"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-162:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5BF001A-7ADB-4976-8A50-0EFC53FB6AEC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7703E48F-6AAE-42DF-91E4-7205E9A7AD1D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1.0-070:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8782B7BC-03C5-4866-9807-14EF9A818EB1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.1_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8677C11-CD70-4A92-9E06-7ABC4753F13A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-235:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BEBC56B-BC37-4A5C-90D9-D412B978A743"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-284:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BA50ED3-74F8-4B13-BFA9-97EA6B43C701"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5.0-444:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56127D49-142B-4660-9FEF-715E419E1643"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:9.5_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D0113C0-9BD3-49DD-AAA3-57BF6148D054"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References