HomePentest-Tools.com Logo

Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability CVE-2016-1486

CVSSv3 Score
Vulnerability description

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. The vulnerability is due to improper handling of UU-encoded files that are attached to an email message. An attacker could exploit this vulnerability by sending a crafted email message with a UU- encoded file attachment through an affected device. The scanning of the attachment could cause the mail handling process of the affected software to restart, resulting in a DoS condition. After the mail handling process restarts, the software resumes scanning for the same attachment, which could cause the mail handling process to restart again. A successful exploit could allow the attacker to cause a repeated DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Risk description
Not available

See the referenced vendor advisory for a solution.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Oct 28, 2016
Detection added at
Software Type
Not available
Not available
Not available