CVE-2014-2119

Currently unrated

Key Information:

Vendor: Cisco
Status: Ironport Asyncos; Content Security Management Appliance
Vendor: CVE Published:; 21 March 2014

Summary

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Mar 21, 2014
Vulnerability Reserved
Feb 25, 2014