SB2016110210 - Security restrictions bypass in Cisco Email Security Appliance
Published: November 2, 2016 Updated: April 5, 2018
Security Bulletin ID
SB2016110210
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security restrictions bypass (CVE-ID: CVE-2016-6458)
The vulnerability allows a remote unauthenticated user to bypass security controls on the target system.The weakness is due to improper input validation. By sending an email message containing a specially crafted RAR archive, a remote attacker can bypass the configured email attachment content filters.
Successful exploitation of the vulnerability results in security bypass and access to data on the vulnerable system.
Remediation
Install update from vendor's website.