Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2119

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2014-2119
Last Modified 21 Mar 2014 10:13:32
Published 20 Mar 2014 09:04:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2119

Summary

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

Vulnerable Systems

Operating System

  • Cisco Ironport Asyncos 7.6.2-201

  • Cisco Ironport Asyncos 7.9.1-039

  • Cisco Ironport Asyncos 8.0

  • Cisco Ironport Asyncos 8.0.1

  • Cisco Ironport Asyncos 8.1


References

CISCO - 20140319 Cisco AsyncOS Software Code Execution Vulnerability


Last Updated: 27 May 2016 11:04:45