Cisco AsyncOS for Email Security Appliances Software Remote Code Execution (CSCug79377)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote security appliance is missing a vendor-supplied patch.

Description :

According to its self-reported version, the Cisco Email Security
Appliance running on the remote host is affected by a remote code
execution vulnerability due to a flaw in Cisco AsyncOS. An
authenticated attacker could potentially exploit this vulnerability to
execute arbitrary code with the privileges of the 'root' user.

Note: Exploitation of this vulnerability requires the FTP service and
the Safelist/Blocklist (SLBL) service to be enabled.

See also :

Solution :

Apply the relevant update referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 73210

Bugtraq ID: 66309

CVE ID: CVE-2014-2119