Cisco fixes Web, email, content security appliance vulnerabilities

The networking giant has fixed a number of vulnerabilities that could allow hackers to remotely execute commands or disrupt critical processes.

Screen Shot 2013-06-27 at 11.58.59
Image: Dmitry Barsky/Flickr

Cisco has released patches for its networking appliance users and customers in order to address a number of security flaws.

The vulnerabilities affected the underlying Cisco IronPort AsyncOS software for a number of the company's different appliances, including Cisco's Web Security Appliance, Email Security Appliance, and its Content Security Management Appliance.

Read this

LinkedIn just one of thousands of sites hit by DNS issue: Cisco

Although LinkedIn bore the brunt of attention over a DNS issue that saw it drop off the web for hours, Cisco believes that almost 5,000 other sites were also affected.

Read More

Three vulnerabilities can now be fixed that relate to the Cisco Email Security Appliance with software versions 7.1 and older, 7.3, 7.5 and 7.6. One flaw allowed a remote code injection that allowed the execution of commands with elevated privileges. Another could cause critical processes to crash and become unresponsive, while the third could cause a denial of service condition by exploiting the user interface.

Cisco's Content Security Management Appliance with software versions 7.2 and older, 7.7, 7.8, 7.9, and 8.0 are also affected by the same remote code injection and denial of service vulnerabilities.

Meanwhile, the Cisco Web Security Appliance with software versions 7.1 and older, 7.5 and 7.7 can now be patched to prevent two vulnerabilities relating to an authenticated command injection flaw, and another that exploits the user interface to create denial of service conditions.

Customers with impacted hardware can receive the patches their devices and systems from their usual update channels.