Published: 21/03/2014 Updated: 30/10/2018

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

VMScore: 756

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) prior to 7.6.3-023 and 8.x prior to 8.0.1-023 and Cisco Content Security Management Appliance (SMA) prior to 7.9.1-110 and 8.x prior to 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ironport_asyncos 8.0
cisco ironport_asyncos
cisco ironport_asyncos 8.1
cisco ironport_asyncos 8.0.1
cisco content_security_management_appliance -
cisco email_security_appliance_firmware -

Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user Cisco has released software updates that address this vulnerability Workarounds that mitigate this ...

CWE-264 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2119

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect