Detections
Analytics
Multiple Vulnerabilities in Cisco Email Security Appliance (cisco-sa-20130626-esa)
critical Nessus Plugin ID 69076
Language:
Synopsis
The remote security appliance is missing a vendor-supplied security patch.Description
According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by multiple vulnerabilities :- An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384)
- A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive.
(CVE-2013-3385)
- A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)
Solution
Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20130626-esa.See Also
Plugin Details
Severity: Critical
ID: 69076
File Name: cisco-sa-20130626-esa.nasl
Version: 1.7
Type: local
Family: CISCO
Published: 7/26/2013
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/h:cisco:email_security_appliance, cpe:/o:cisco:email_security_appliance_firmware
Required KB Items: Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Email Security Appliance/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 6/26/2013
Vulnerability Publication Date: 6/26/2013
Reference Information
CVE: CVE-2013-3384, CVE-2013-3385, CVE-2013-3386
CISCO-SA: cisco-sa-20130626-esa
CISCO-BUG-ID: CSCzv25573, CSCzv44633, CSCzv63329