Main Vulnerability Database SB2016092305

SB2016092305 - Security restrictions bypass in Cisco Email Security Appliance

Published: September 23, 2016 Updated: April 5, 2018

Security Bulletin ID SB2016092305

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2016-6406)

The vulnerability allows a remote user to obtain the target system with root privileges.
The weakness exists due to improper access control. By accessing internal testing and debugging interface attacker can get access to the vulnerable system.
Successful exploitation of the vulnerability will allow a malicious user to gain access to the vulnerable system with root privileges.

Remediation

Install update from vendor's website.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa