https://www.computerworld.com/s/article/9240406/Cisco_fixes_serious_vulnerabilities_in_email_Web_and_content_security_appliances
By Lucian Constantin
IDG News Service
June 27, 2013

Cisco Systems released security patches for its email, Web and content
security appliances in order to address vulnerabilities that could allow
attackers to execute commands on the underlying OS or disrupt critical
processes.

The vulnerabilities affect different versions of the Cisco IronPort
AsyncOS operating system that's used in the Cisco Content Security
Management Appliance, the Cisco Email Security Appliance and the Cisco Web
Security Appliance.

Releases 7.1 and prior, 7.3, 7.5 and 7.6 of the software in the Cisco
Email Security Appliance are affected by three vulnerabilities, one that
allows remote attackers to inject and execute commands with elevated
privileges through the Web interface and two that could be used to crash
the management graphical user interface (GUI) or the IronPort Spam
Quarantine service and cause other critical processes to become
unresponsive.

Exploiting the command injection vulnerability requires authentication via
the Web interface with at least a low privilege account, but the
denial-of-service vulnerabilities can be exploited remotely without
authentication.
[...]