Cross-Site Request Forgery Vulnerability in Cisco IronPort Encryption Appliance and PostX
CVE-2009-0056

Currently unrated

Key Information:

Vendor: Cisco
Status: Ironport Encryption Appliance; Ironport Postx
Vendor: CVE Published:; 16 January 2009

What is CVE-2009-0056?

A cross-site request forgery vulnerability exists in the administration interface of Cisco IronPort Encryption Appliance and PostX products, allowing remote attackers to perform unauthorized actions. By exploiting this flaw, attackers may be able to execute arbitrary commands and alter appliance settings, potentially compromising the configuration and security of affected systems.

References

http://www.securityfocus.com/bid/33268

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://osvdb.org/51398

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2009
Vulnerability Reserved
Jan 7, 2009