Multiple Vulnerabilities in Cisco IronPort Encryption Appliance

Related Vulnerabilities: CVE-2010-0143   CVE-2010-0144   CVE-2010-0145  

Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities. This advisory is posted at Recently it was brought to Cisco's attention that additional methods to exploit these vulnerabilities could be used. Because of the lifecycle of this product, no more software versions will be published. Please refer to the End-of-Sale and End-of-Life Announcement for the Cisco IronPort Encryption Appliance and the Cisco End-of-Life Policy. However, the workarounds explained in this advisory are applicable and are addressing those vulnerabilities.