Role Authorization Vulnerability in Cisco AsyncOS on Email Security and Content Management Appliances
CVE-2014-2195

Currently unrated

Key Information:

Summary

An authorization vulnerability exists in Cisco AsyncOS software running on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices when Active Directory is enabled. The software does not properly handle group names, which allows remote attackers to gain unauthorized role privileges by leveraging group-name similarity. This could lead to significant security risks, compromising the integrity of the affected systems.

Timeline

  • Vulnerability published

  • Vulnerability Reserved