CVE-2016-1423
Last modified
CVE-2016-1423 is a vulnerability of currently unknown severity. A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Email Security Appliance | 8.9.0 |
| Cisco | Email Security Appliance | 8.9.1-000 |
| Cisco | Email Security Appliance | 8.9.2-032 |
| Cisco | Email Security Appliance | 9.0.0 |
| Cisco | Email Security Appliance | 9.0.0-212 |
| Cisco | Email Security Appliance | 9.0.0-461 |
| Cisco | Email Security Appliance | 9.0.5-000 |
| Cisco | Email Security Appliance | 9.1.0 |
| Cisco | Email Security Appliance | 9.1.0-011 |
| Cisco | Email Security Appliance | 9.1.0-032 |
| Cisco | Email Security Appliance | 9.1.0-101 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-1423?
How severe is CVE-2016-1423?
How do I fix CVE-2016-1423?
Are you affected by CVE-2016-1423?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST