CVE-2009-0056

Name of the Vulnerable Software and Affected Versions Cisco IronPort Encryption Appliance versions 6.2.4 through 6.2.4.1.1 Cisco IronPort Encryption Appliance versions 6.2.5 through 6.2.6 Cisco IronPort Encryption Appliance versions 6.2.7 through 6.2.7.7 Cisco IronPort Encryption Appliance versions 6.3 through 6.3.0.4 Cisco IronPort Encryption Appliance versions 6.5 through 6.5.0.2 Cisco IronPort PostX versions 6.2.1 through 6.2.1.1 Cisco IronPort PostX versions 6.2.2 through 6.2.2.3

Description A cross-site request forgery (CSRF) issue exists in the administration interface, allowing remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.

Recommendations For Cisco IronPort Encryption Appliance version 6.2.4, update to version 6.2.4.1.1 or later. For Cisco IronPort Encryption Appliance version 6.2.5, update to a version after 6.2.6 or later. For Cisco IronPort Encryption Appliance version 6.2.7, update to version 6.2.7.7 or later. For Cisco IronPort Encryption Appliance version 6.3, update to version 6.3.0.4 or later. For Cisco IronPort Encryption Appliance version 6.5, update to version 6.5.0.2 or later. For Cisco IronPort PostX version 6.2.1, update to version 6.2.1.1 or later. For Cisco IronPort PostX version 6.2.2, update to version 6.2.2.3 or later.