1. Home
  2. CVE Database
  3. CVE-2016-6416
MEDIUM · 5.9

CVE-2016-6416

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Managemen...

Vulnerability Description

The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoContent Security Management Appliance9.1.0
CiscoEmail Security Appliance9.6.0-000
CiscoWeb Security Appliance9.0.0-162

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2016-6416?

CVE-2016-6416 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Managemen...

How severe is CVE-2016-6416?

CVE-2016-6416 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6416?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Content Security Management Appliance, Cisco Email Security Appliance, Cisco Web Security Appliance.