CVE-2009-0055

Name of the Vulnerable Software and Affected Versions Cisco IronPort Encryption Appliance versions 6.2.4 through 6.2.4.1.1 Cisco IronPort Encryption Appliance version 6.2.5 Cisco IronPort Encryption Appliance version 6.2.6 Cisco IronPort Encryption Appliance versions 6.2.7 through 6.2.7.7 Cisco IronPort Encryption Appliance versions 6.3 through 6.3.0.4 Cisco IronPort Encryption Appliance versions 6.5 through 6.5.0.2 Cisco IronPort PostX versions 6.2.1 through 6.2.1.1 Cisco IronPort PostX versions 6.2.2 through 6.2.2.3

Description A cross-site request forgery (CSRF) issue exists in the administration interface, allowing remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.

Recommendations For Cisco IronPort Encryption Appliance version 6.2.4, update to version 6.2.4.1.1 or later. For Cisco IronPort Encryption Appliance version 6.2.5, update to a later version. For Cisco IronPort Encryption Appliance version 6.2.6, update to a later version. For Cisco IronPort Encryption Appliance version 6.2.7, update to version 6.2.7.7 or later. For Cisco IronPort Encryption Appliance version 6.3, update to version 6.3.0.4 or later. For Cisco IronPort Encryption Appliance version 6.5, update to version 6.5.0.2 or later. For Cisco IronPort PostX version 6.2.1, update to version 6.2.1.1 or later. For Cisco IronPort PostX version 6.2.2, update to version 6.2.2.3 or later.