Vulnerability Discovered in Cisco Email Security Appliance Could Allow a Remote Attacker to Take Control of the System.

ITS Advisory Number: 
2016-166
Date(s) Issued: 
Thursday, September 29, 2016
Subject: 
Vulnerability Discovered in Cisco Email Security Appliance Could Allow a Remote Attacker to Take Control of the System.
Overview: 

A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges.


Systems Affected: 

Cisco ESA physical and virtual devices running any of the following software releases are affected by this vulnerability:

  • 9.1.2-023
  • 9.1.2-028
  • 9.1.2-036
  • 9.7.2-046
  • 9.7.2-047
  • 9.7.2-054
  • 10.0.0-124
  • 10.0.0-125
RISK:
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: N/A
Description: 

A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device.

Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges.

To determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco ESA, administrators can use the version command in the ESA command-line interface (CLI) and compare the value on the Version line against the releases listed under Systems Affected above. The following example shows the results for a device running Cisco AsyncOS Software version 8.5.7-044, which is not one of the listed releases:
ciscoesa> version
Current Version
===============
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Model: X1070
Version: 8.5.7-044
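The comparison described above, as an added example that is not part of this advisory or of Cisco's tooling: a small Python check that reads a pasted `version` transcript, pulls out the Version line, and reports whether that release is one of the eight listed under Systems Affected. The advisory names specific builds rather than a range, so the check is an exact match against that list; a release that is not listed (such as the 8.5.7-044 in the example output) is reported as "not listed", which is not the same as a statement that it is unaffected. The two transcripts in the block are constructed for the example, modelled on the output shown above.

```python
"""Check a Cisco ESA `version` CLI transcript against the advisory's affected releases.

Added example, not code from the advisory or from Cisco. It parses the text an
administrator pastes from the ESA CLI and tells whether the Version line is one
of the releases the advisory lists as affected.
"""
import re
from typing import NamedTuple, Optional

# Releases named as affected in the advisory (exact AsyncOS release strings).
AFFECTED_RELEASES = frozenset({
    "9.1.2-023", "9.1.2-028", "9.1.2-036",
    "9.7.2-046", "9.7.2-047", "9.7.2-054",
    "10.0.0-124", "10.0.0-125",
})

# AsyncOS release strings look like "8.5.7-044": three dotted numbers, a dash,
# then a build number. The line is matched as a whole so a stray substring
# elsewhere in the transcript is not mistaken for the version.
_VERSION_RE = re.compile(r"^\s*Version:\s*(\d+\.\d+\.\d+-\d+)\s*$", re.MULTILINE)


class VersionCheck(NamedTuple):
    version: Optional[str]   # release string found, or None if no Version line
    affected: bool           # True only when the release is in AFFECTED_RELEASES


def parse_version(cli_output: str) -> Optional[str]:
    """Return the release string from a `version` transcript, or None if absent."""
    m = _VERSION_RE.search(cli_output)
    return m.group(1) if m else None


def check_version(cli_output: str) -> VersionCheck:
    """Exact-match the parsed release against the advisory's affected list."""
    v = parse_version(cli_output)
    return VersionCheck(version=v, affected=(v in AFFECTED_RELEASES))


# Constructed sample transcripts, modelled on the advisory's example output.
SAMPLE_NOT_LISTED = """\
ciscoesa> version
Current Version
===============
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Model: X1070
Version: 8.5.7-044
"""

SAMPLE_LISTED = """\
ciscoesa> version
Current Version
===============
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Model: X1070
Version: 9.7.2-054
"""

if __name__ == "__main__":
    for sample in (SAMPLE_NOT_LISTED, SAMPLE_LISTED):
        result = check_version(sample)
        if result.version is None:
            print("no Version line found; re-run `version` and paste the full output")
        elif result.affected:
            print(f"{result.version}: listed as affected; apply the Cisco update or workaround")
        else:
            print(f"{result.version}: not in the advisory's affected list")
```

Run it on the transcript of each appliance, or feed `check_version` the output collected by whatever inventory process already logs in to the ESAs. A `None` result means the paste was incomplete rather than that the device is safe, so treat it as "re-check", not "pass".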

Actions: 
  • After appropriate testing, install applicable updates provided by Cisco to the affected systems.
  • Verify no unauthorized system modifications have occurred on the system prior to applying the patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.