—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Email Security Appliance Internal Testing Interface Vulnerability
Advisory ID: cisco-sa-20160922-esa
Revision 1.0
For Public Release 2016 September 22 16:00 UTC (GMT)
Summary
=======
A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device.
The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges.
Cisco has confirmed the vulnerability; however, software updates are not currently available. This advisory will be updated with fixed software information when available. A workaround that mitigates this vulnerability is available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa
—–BEGIN PGP SIGNATURE—–
iQIVAwUBV+P+c689gD3EAJB5AQI/BQ//W+L7eeuGgXXRHLRMiNAIDGGp0mJNgHDN
80gV4SgekN3sH3edvIl6kjwfnZv0sGciyNX9nBPF86bC92LG4n8H0y7XiR6DPynK
2nnLh+4RAsub/UK2UBiPDNSlxYKLBRCJlGx5HalJ0KiEd98QcizCDzMrMMK68YST
50gU/giCRYq4NeNySeSuFr/i+y2+jNkAKJ5bjX5XSJqrxeQIYMlR+K+v2Lykzedo
Kjx22pfXFWRVJpFslsEi2Jkjsd+/XI7Q5TZ/I6EVemMsWg3NhNKgtexvqk8tCW8/
d/mLEED3xE5sgjlhP/p21m6bMvujYWqBGNK3fp9zARYq4VFSzLvq6bfvLZb9Wg2h
ivTJbOJ6ZA2Opb927GIpKnh0NMU/I70l2h2mJKvvy9poahBVWBejSzyfWDQDTwFH
p0u8UsZfGHQNYTWe3o/BRTOXTBSjWmbFkmUvGVcfwXSNEVMoIts52bcLAC2/5Fhi
b/l7LZaIjDfL6FuKhCG7Bz5exFGXSIj1HHK6T3dSp8bnDKpdOWEhA+MkFFRn277b
GZWHWM+kTPnax/J9JtbFzjmqCxONmvBE9VXlZcOJ/v/5tJTKPDa0jHpJeHiM1eQA
3eXkqjM4p9xxY/IDvLtkd3Rqmr4Q7aKLnbLF21KmkXP6FMhYpNi0JvKxCDJn6hIw
ag7OyYxmpr4=
=KiWC
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com