Cisco AsyncOS for Email Security Appliances Software Remote Code Execution (CSCug79377)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote security appliance is missing a vendor-supplied security
patch.

Description :

According to its self-reported version and configuration, the Cisco
AsyncOS software running on the remote Cisco Email Security Appliance (ESA) is
affected by a remote code execution vulnerability in the
Safelist/Blocklist (SLBL) function due to improper handling of SLBL
database files. An authenticated, remote attacker can exploit this
vulnerability to execute arbitrary code with the privileges of the
'root' user.

See also :

http://www.nessus.org/u?b22bd304

Solution :

Apply the relevant update referenced in Cisco Security Advisory
cisco-sa-20140319-asyncos.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 73210

Bugtraq ID: 66309

CVE ID: CVE-2014-2119
