Cisco fixes Web, email, content security appliance vulnerabilities

Summary:The networking giant has fixed a number of vulnerabilities that could allow hackers to remotely execute commands or disrupt critical processes.

Screen Shot 2013-06-27 at 11.58.59
Image: <a href="">Dmitry Barsky</a>/Flickr

Cisco has released patches for its networking appliance users and customers in order to address a number of security flaws.

The vulnerabilities affected the underlying Cisco IronPort AsyncOS software for a number of the company's different appliances, including Cisco's Web Security Appliance, Email Security Appliance, and its Content Security Management Appliance.

Three vulnerabilities can now be fixed that relate to the Cisco Email Security Appliance with software versions 7.1 and older, 7.3, 7.5 and 7.6. One flaw allowed a remote code injection that allowed the execution of commands with elevated privileges. Another could cause critical processes to crash and become unresponsive, while the third could cause a denial of service condition by exploiting the user interface.

Cisco's Content Security Management Appliance with software versions 7.2 and older, 7.7, 7.8, 7.9, and 8.0 are also affected by the same remote code injection and denial of service vulnerabilities.

Meanwhile, the Cisco Web Security Appliance with software versions 7.1 and older, 7.5 and 7.7 can now be patched to prevent two vulnerabilities relating to an authenticated command injection flaw, and another that exploits the user interface to create denial of service conditions.

Customers with impacted hardware can receive the patches their devices and systems from their usual update channels.

Topics: Security, Cisco


Zack Whittaker is a writer-editor for ZDNet, and sister sites CNET and CBS News. He is based in the New York newsroom. His PGP key is: EB6CEEA5.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.