{ "id": "CVE-2016-6358", "sourceIdentifier": "ykramarz@cisco.com", "published": "2016-10-28T10:59:09.197", "lastModified": "2017-07-29T01:34:17.773", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038." }, { "lang": "es", "value": "Una vulnerabilidad en FTP local a Cisco Email Security Appliance (ESA) podr\u00eda permitir a un atacante remoto no autenticado provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) parcial cuando la aplicaci\u00f3n FTP se cierra inesperadamente. M\u00e1s informaci\u00f3n: CSCux68539. Lanzamientos conocidos afectados: 9.1.0-032 9.7.1-000. Lanzamientos conocidos solucionados: 9.1.1-038." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*", "matchCriteriaId": "72DADB2C-D86D-44B5-B87B-289990A7D9B4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-046:*:*:*:*:*:*:*", "matchCriteriaId": "D09E23D3-29BC-4B86-AB55-975B818CCB33" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-047:*:*:*:*:*:*:*", "matchCriteriaId": "F4ED5BEF-5F3F-42D6-A953-B12FC9028EB2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.7.2-054:*:*:*:*:*:*:*", "matchCriteriaId": "AE59F47E-09CB-4C1A-AE70-ABAEDE74DA92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.9.6-026:*:*:*:*:*:*:*", "matchCriteriaId": "F508B007-27AD-483F-B220-B62C84892617" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:email_security_appliance:9.9_base:*:*:*:*:*:*:*", "matchCriteriaId": "B95BBCED-65C8-4433-884B-0088B8B15E71" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/93905", "source": "ykramarz@cisco.com" }, { "url": "http://www.securitytracker.com/id/1037115", "source": "ykramarz@cisco.com" }, { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }