#VU1086 Security restrictions bypass in Cisco Email Security Appliance - CVE-2016-6357

Cybersecurity Help s.r.o.

Published: 2016-10-27 | Updated: 2018-04-05

Vulnerability identifier: #VU1086

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-6357

CWE-ID: CWE-388

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Email Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote unauthenticated user to bypass security restrictions on the target system.
The weakness exists due to improper error handling. By sending an email message with a specially crafted attachment, a remote attacker can bypass the configured drop filter.
Successful exploitation of the vulnerability allows a malicious user to gain access to the vulnerable system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco Email Security Appliance: 9.7.1 066 - 10.0.9 015

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for Recommended update for ipset

Security restrictions bypass in Cisco Email Security Appliance