Cisco AsyncOS for Content Security Management Appliances Software Remote Code Execution (CSCug80118)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote security appliance is missing a vendor-supplied patch.

Description :

According to its self-reported version, the version of Cisco Content
Security Management Appliance running on the remote host is affected
by a remote code execution vulnerability due to a flaw in Cisco
AsyncOS. An authenticated attacker could potentially exploit this
vulnerability to execute arbitrary code with the privileges of the
'root' user.

Note: In order to exploit this vulnerability, the FTP service and
Safelist/Blocklist (SLBL) service must be enabled.

See also :

Solution :

Apply the relevant update referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 73211 ()

Bugtraq ID: 66309

CVE ID: CVE-2014-2119