Vulnerability Description
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ClamAV | ClamAV | All versions |
| Cisco | Email Security Appliance | 9.6.0-042 |
| Cisco | Web Security Appliance | 8.8.0-085 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20 (Vendor Advisory)
- http://www.securityfocus.com/bid/90968
- http://www.securitytracker.com/id/1035993
- http://www.securitytracker.com/id/1035994
- http://www.ubuntu.com/usn/USN-3093-1
- https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog
FAQ
What is CVE-2016-1405?
CVE-2016-1405 is a vulnerability with a CVSS score of 7.5 (HIGH). libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before ...
How severe is CVE-2016-1405?
CVE-2016-1405 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1405?
Check the references section above for vendor advisories and patch information. Affected products include: ClamAV, Cisco Email Security Appliance, Cisco Web Security Appliance.