Cisco AsyncOS Software Code Execution Vulnerability

2014-03-1916:00:00

tools.cisco.com

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.002

Percentile

57.1%

JSON

Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos”]

Affected configurations

Vulners

Node

ciscoemail_security_applianceMatchany

ciscocontent_security_management_applianceMatchany

ciscoemail_security_applianceMatchany

ciscocontent_security_management_applianceMatchany

VendorProductVersionCPE
ciscoemail_security_applianceanycpe:2.3:h:cisco:email_security_appliance:any:*:*:*:*:*:*:*
ciscocontent_security_management_applianceanycpe:2.3:h:cisco:content_security_management_appliance:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	email_security_appliance	any	cpe:2.3:h:cisco:email_security_appliance:any:::::::*
cisco	content_security_management_appliance	any	cpe:2.3:h:cisco:content_security_management_appliance:any:::::::*