[c-nsp] Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Mar 19 12:11:51 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco AsyncOS Software Code Execution Vulnerability
Advisory ID: cisco-sa-20140319-asyncos
Revision 1.0
For Public Release 2014 March 19 16:00 UTC (GMT)
Summary
=======
Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTKb4hAAoJEIpI1I6i1Mx35cMP/0ljzKTeBLaUxTB6AKLpxOuF
Y3VMZDN/qb5VTUbZ4aiEbN24xkIgtTJnR9kXG4qOQLRX1goJuNJ2nMaX9pCm2k9v
hxgIAZaKT1HAyQgculAeAUxXvYAUC1kQKXRpBUWDdsu0vtBo4eN+y8OucjIXxOOH
3d3mXWmxyzMQBtD+HTmwLR+J4qqSePJ0WIrm9m11oj5GN2DRAVKWZ/e7il9X4gwh
Ivx6w5MS1l11DhF6l+uXl9J9cRd5QjF0aytUkfnYO/VNr8HWgGObQL/sLkWx6PJ7
s6heSPwDCSfRioHBORbX3b8uncS0A868vE+GH1IEgpLnHeUbDcdvQg1pMHkNEGE4
pxIOueLAifV0/sNQuTYBhvVKz5Hub4Hxy/oRFg+kxrgZmC9acsYDyjDZQjwaImCC
q4MXkm6ZqaEdZsjuTrYloD3jk8kb6gD7wPq9mhOas8hisbg0Ahc0TGWtH4Lg/Mh8
UupyGSHMmjXHGgbyI1PUINy64KiCJ3rqSucbxSDHZyZmVKx1BWG1s2asvFoExZSI
ThPol4FEJDBiQ+YIpxtDUhF/R+nCPSPb+9+QnsnPcyHjYfCbBjDC1Ym38hrRUgnt
PHiaa9THdLd/cCnJmkRV6BzkqZIoTsUJxKfQA9u+KjW8OdlBthet2WaAhTcEqHdU
RpiqMIrhjhVpenDg+sze
=42JL
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list