[ISN] Cisco fixes serious vulnerabilities in email, Web and content security appliances

https://www.computerworld.com/s/article/9240406/Cisco_fixes_serious_vulnerabilities_in_email_Web_and_content_security_appliances

By Lucian Constantin
IDG News Service
June 27, 2013

Cisco Systems released security patches for its email, Web and content security appliances in order to address vulnerabilities that could allow attackers to execute commands on the underlying OS or disrupt critical processes.

The vulnerabilities affect different versions of the Cisco IronPort AsyncOS operating system that’s used in the Cisco Content Security Management Appliance, the Cisco Email Security Appliance and the Cisco Web Security Appliance.

Releases 7.1 and prior, 7.3, 7.5 and 7.6 of the software in the Cisco Email Security Appliance are affected by three vulnerabilities, one that allows remote attackers to inject and execute commands with elevated privileges through the Web interface and two that could be used to crash the management graphical user interface (GUI) or the IronPort Spam Quarantine service and cause other critical processes to become unresponsive.

Exploiting the command injection vulnerability requires authentication via the Web interface with at least a low privilege account, but the denial-of-service vulnerabilities can be exploited remotely without authentication.

[…]



