This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote security appliance is missing a vendor-supplied patch.
According to its self-reported version, the version of Cisco Email
Security Appliance running on the remote host is affected by a remote
code execution vulnerability due to a flaw in Cisco AsyncOS. An
authenticated attacker could potentially exploit this vulnerability to
execute arbitrary code with the privileges of the 'root' user.
Note: In order to exploit this vulnerability, the FTP service and
Safelist/Blocklist (SLBL) service must be enabled.
See also :
Apply the relevant update referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : false