-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Email Security Appliance Internal Testing 
Interface Vulnerability

Advisory ID: cisco-sa-20160922-esa

Revision 1.0

For Public Release 2016 September 22 16:00 UTC (GMT)

Summary
=======
A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances 
(ESA) could allow an unauthenticated, remote attacker to obtain complete 
control of an affected device.

The vulnerability is due to the presence of a Cisco internal testing and 
debugging interface (intended for use during product manufacturing only) on 
customer-available software releases. An attacker could exploit this 
vulnerability by connecting to this testing and debugging interface. An exploit 
could allow an attacker to obtain complete control of an affected device with 
root-level privileges.

Cisco has confirmed the vulnerability; however, software updates are not 
currently available. This advisory will be updated with fixed software 
information when available. A workaround that mitigates this vulnerability is 
available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa

-----BEGIN PGP SIGNATURE-----

iQIVAwUBV+P+c689gD3EAJB5AQI/BQ//W+L7eeuGgXXRHLRMiNAIDGGp0mJNgHDN
80gV4SgekN3sH3edvIl6kjwfnZv0sGciyNX9nBPF86bC92LG4n8H0y7XiR6DPynK
2nnLh+4RAsub/UK2UBiPDNSlxYKLBRCJlGx5HalJ0KiEd98QcizCDzMrMMK68YST
50gU/giCRYq4NeNySeSuFr/i+y2+jNkAKJ5bjX5XSJqrxeQIYMlR+K+v2Lykzedo
Kjx22pfXFWRVJpFslsEi2Jkjsd+/XI7Q5TZ/I6EVemMsWg3NhNKgtexvqk8tCW8/
d/mLEED3xE5sgjlhP/p21m6bMvujYWqBGNK3fp9zARYq4VFSzLvq6bfvLZb9Wg2h
ivTJbOJ6ZA2Opb927GIpKnh0NMU/I70l2h2mJKvvy9poahBVWBejSzyfWDQDTwFH
p0u8UsZfGHQNYTWe3o/BRTOXTBSjWmbFkmUvGVcfwXSNEVMoIts52bcLAC2/5Fhi
b/l7LZaIjDfL6FuKhCG7Bz5exFGXSIj1HHK6T3dSp8bnDKpdOWEhA+MkFFRn277b
GZWHWM+kTPnax/J9JtbFzjmqCxONmvBE9VXlZcOJ/v/5tJTKPDa0jHpJeHiM1eQA
3eXkqjM4p9xxY/IDvLtkd3Rqmr4Q7aKLnbLF21KmkXP6FMhYpNi0JvKxCDJn6hIw
ag7OyYxmpr4=
=KiWC
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to