关键漏洞信息 ###漏洞概述 Advisory ID: cisco-sa-20160727-esa Severity: Medium CVE ID: CVE-2016-1461 CWE ID: CWE-20 First Published: 2016 July 27 16:00 GMT Last Updated: 2019 April 9 15:42 GMT CISCO Bug IDs: CSCuz14932, CSCvo34734 CVSS: Base 5.0, Temporal 4.8 影响的产品 All releases of Cisco AsyncOS for Cisco Email Security Appliance (ESA) that precede the first fixed release are affected. 解决方案 No workarounds are available for this vulnerability. Cisco provides information about fixed software in Cisco bugs, which can be accessed through the Cisco Bug Search Tool. 漏洞详情 A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA). Impact: Fails to detect and act upon a specific type of file that is attached to an email message (e.g. malicious attachments). Exploitation: A remote attacker could exploit this vulnerability by sending an emailmessage with a crafted attachment to an affected appliance.