Cisco AsyncOS for Content Security Management Appliances Software Remote Code Execution (CSCug80118)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote security appliance is missing a vendor-supplied patch.

Description :

According to its self-reported version, the Cisco Content Security
Management Appliance running on the remote host is affected by a
remote code execution vulnerability due to a flaw in Cisco AsyncOS.
An authenticated attacker could potentially exploit this
vulnerability to execute arbitrary code with the privileges of the
'root' user.

Note: In order to exploit this vulnerability, the FTP service and
Safelist/Blocklist (SLBL) service must be enabled.

See also :

http://www.nessus.org/u?b22bd304

Solution :

Apply the relevant update referenced in Cisco Security Advisory
cisco-sa-20140319-asyncos.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 73211

Bugtraq ID: 66309

CVE ID: CVE-2014-2119