Security restrictions bypass in Cisco Email Security Appliance - CVE-2016-6406
Published: September 23, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU644
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6406
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Email Security Appliance
Detailed vulnerability description
The vulnerability allows a remote user to gain access to the target system with root privileges.
The weakness exists due to improper access control. By accessing the internal testing and debugging interface, an attacker can gain access to the vulnerable system.
Successful exploitation of the vulnerability will allow a malicious user to gain access to the vulnerable system with root privileges.
How to mitigate CVE-2016-6406
Install the update from the vendor's website.