Cisco Email Security Appliance Multiple Vulnerabilities

2013-06-26 / 2013-06-27
Credit: CISCO
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Email Security Appliance Advisory ID: cisco-sa-20130626-esa Revision 1.0 For Public Release 2013 June 26 16:00 UTC (GMT) +------------------------------------------------------------------------------ Summary ======= Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by the following vulnerabilities: * Web Framework Authenticated Command Injection Vulnerability * IronPort Spam Quarantine Denial of Service Vulnerability * Management GUI Denial of Service Vulnerability Successful exploitation of the Web Framework Authenticated Command Injection Vulnerability could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. Successful exploitation of either of the two denial of service vulnerabilities may cause several critical processes to become unresponsive and make the affected system unstable. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa

References:

http://seclists.org/fulldisclosure/2013/Jun/207
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top