CVE-2016-9202

Name: CVE-2016-9202
Creator: NVD / NIST
Published: 2016-12-14T00:59:23.02+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.28%

Last modified Jun 17, 2026

CVE-2016-9202 is a vulnerability of currently unknown severity. A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. EPSS estimates a 1.28% chance of exploitation in the next 30 days.

Description

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066.

Metrics

EPSS Probability

1.28%

66.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Cisco	Email Security Appliance	9.1.1-036
Cisco	Email Security Appliance	9.1.2-023
Cisco	Email Security Appliance	9.1.2-028
Cisco	Email Security Appliance	9.1.2-036
Cisco	Email Security Appliance	9.4.0
Cisco	Email Security Appliance	9.4.4-000
Cisco	Email Security Appliance	9.5.0-000
Cisco	Email Security Appliance	9.5.0-201
Cisco	Email Security Appliance	9.6.0-000
Cisco	Email Security Appliance	9.6.0-042
Cisco	Email Security Appliance	9.6.0-051
Cisco	Email Security Appliance	9.7.0-125
Cisco	Email Security Appliance	9.7.1-066
Cisco	Email Security Appliance	9.7.2-046
Cisco	Email Security Appliance	9.7.2-047
Cisco	Email Security Appliance	9.7.2-054

References

http://www.securityfocus.com/bid/94799Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037423Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1Vendor Advisory
http://www.securityfocus.com/bid/94799Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037423Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1Vendor Advisory

Timeline

Published: Dec 14, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-9202?

How severe is CVE-2016-9202?

Severity scoring for CVE-2016-9202 is pending analysis. The EPSS model estimates a 1.28% probability of exploitation in the next 30 days.

How do I fix CVE-2016-9202?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-9202?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST