Remote Code Execution Risk in Cisco AsyncOS for Email Security Appliance and Content Security Management Appliance
CVE-2014-2119

Currently unrated

Key Information:

Vendor
Cisco
Status
Ironport Asyncos
Content Security Management Appliance
Vendor
CVE Published:
21 March 2014

Summary

The End User Safelist/Blocklist (SLBL) service in Cisco AsyncOS software allows remote authenticated users to exploit FTP sessions, enabling them to upload a compromised SLBL database file. This could lead to arbitrary code execution with root privileges, compromising device security. Patching is essential to mitigate this risk.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.