Home page logo
/

isn logo Information Security News mailing list archives

Cisco fixes serious vulnerabilities in email, Web and content security appliances
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 28 Jun 2013 08:27:02 +0000 (UTC)

https://www.computerworld.com/s/article/9240406/Cisco_fixes_serious_vulnerabilities_in_email_Web_and_content_security_appliances

By Lucian Constantin
IDG News Service
June 27, 2013

Cisco Systems released security patches for its email, Web and content security appliances in order to address vulnerabilities that could allow attackers to execute commands on the underlying OS or disrupt critical processes.

The vulnerabilities affect different versions of the Cisco IronPort AsyncOS operating system that's used in the Cisco Content Security Management Appliance, the Cisco Email Security Appliance and the Cisco Web Security Appliance.

Releases 7.1 and prior, 7.3, 7.5 and 7.6 of the software in the Cisco Email Security Appliance are affected by three vulnerabilities, one that allows remote attackers to inject and execute commands with elevated privileges through the Web interface and two that could be used to crash the management graphical user interface (GUI) or the IronPort Spam Quarantine service and cause other critical processes to become unresponsive.

Exploiting the command injection vulnerability requires authentication via the Web interface with at least a low privilege account, but the denial-of-service vulnerabilities can be exploited remotely without authentication.

[...]



--
Visit the new and improved InfoSec News website
http://www.infosecnews.org/


  By Date           By Thread  

Current thread:
  • Cisco fixes serious vulnerabilities in email, Web and content security appliances InfoSec News (Jun 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault