PT-2014-1329 · Cisco · Cisco AsyncOS for Content Security Management Appliance +1
Published: 2014-03-20 · Updated: 2018-10-30
CVE-2014-2119
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco AsyncOS for Email Security Appliance (ESA) versions prior to 7.6.3-023 and 8.0.1-023
Cisco AsyncOS for Content Security Management Appliance (SMA) versions prior to 7.9.1-110 and 8.1.1-013
Description
The issue allows remote authenticated users to execute arbitrary code with root privileges by uploading a modified SLBL database file via an FTP session. This affects the SLBL service in Cisco AsyncOS.
Recommendations
For Cisco AsyncOS for Email Security Appliance (ESA) versions prior to 7.6.3-023, update to version 7.6.3-023 or later.
For Cisco AsyncOS for Email Security Appliance (ESA) versions prior to 8.0.1-023, update to version 8.0.1-023 or later.
For Cisco AsyncOS for Content Security Management Appliance (SMA) versions prior to 7.9.1-110, update to version 7.9.1-110 or later.
For Cisco AsyncOS for Content Security Management Appliance (SMA) versions prior to 8.1.1-013, update to version 8.1.1-013 or later.
As a temporary workaround, consider restricting FTP access to prevent the upload of modified SLBL database files until a patch is applied.
Fix
Weakness Enumeration
Related identifiers
Affected products
Cisco AsyncOS for Content Security Management Appliance
Cisco AsyncOS for Email Security Appliance