Cisco fixes Web, email, content security appliance vulnerabilities

Cisco fixes Web, email, content security appliance vulnerabilities

Summary: The networking giant has fixed a number of vulnerabilities that could allow hackers to remotely execute commands or disrupt critical processes.

SHARE:
TOPICS: Security, Cisco
0
Screen Shot 2013-06-27 at 11.58.59
(Image: Dmitry Barsky/Flickr)

Cisco has released patches for its networking appliance users and customers in order to address a number of security flaws.

The vulnerabilities affected the underlying Cisco IronPort AsyncOS software for a number of the company's different appliances, including Cisco's Web Security Appliance, Email Security Appliance, and its Content Security Management Appliance.

Three vulnerabilities can now be fixed that relate to the Cisco Email Security Appliance with software versions 7.1 and older, 7.3, 7.5 and 7.6. One flaw allowed a remote code injection that allowed the execution of commands with elevated privileges. Another could cause critical processes to crash and become unresponsive, while the third could cause a denial of service condition by exploiting the user interface.

Cisco's Content Security Management Appliance with software versions 7.2 and older, 7.7, 7.8, 7.9, and 8.0 are also affected by the same remote code injection and denial of service vulnerabilities.

Meanwhile, the Cisco Web Security Appliance with software versions 7.1 and older, 7.5 and 7.7 can now be patched to prevent two vulnerabilities relating to an authenticated command injection flaw, and another that exploits the user interface to create denial of service conditions.

Customers with impacted hardware can receive the patches their devices and systems from their usual update channels.

Topics: Security, Cisco

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion