Thursday, September 22, 2016

Cisco Email Security Appliance Internal Testing Interface Vulnerability

A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device.

The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges.

Cisco has confirmed the vulnerability; however, software updates are not currently available. This advisory will be updated with fixed software information when available. A workaround that mitigates this vulnerability is available.

This advisory is available at the following link:
http://ift.tt/2ddRKwD A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device.

The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges.

Cisco has confirmed the vulnerability; however, software updates are not currently available. This advisory will be updated with fixed software information when available. A workaround that mitigates this vulnerability is available.

This advisory is available at the following link:
http://ift.tt/2ddRKwD
Security Impact Rating: Critical
CVE: CVE-2016-6406

from Cisco Security Advisory http://ift.tt/2ddRKwD

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.