Cisco closes critical holes in IronPort Appliances
Cisco warns of critical holes in its IronPort Encryption Appliances that allow unauthenticated attackers to remotely read data as well as inject and execute arbitrary code. According to the vendor, all the holes are in the embedded web servers of these products. Two flaws, in the administration interface and in the WebSafe servlet, enable attackers to access files, while an unspecified flaw in the HTTPS server allows the execution of malicious code with elevated privileges.
The affected products are:
- Cisco IronPort Encryption Appliance 6.5
- Cisco IronPort Encryption Appliance 6.2
- Cisco IronPort PostX MAP
Cisco says that the IronPort C, M and S series appliances are not affected. The vendor has made updates 6.2.9.1 and 6.5.2 available for the vulnerable products. As a workaround, users are advised to filter access to the appliance or disable the HTTP invoker. The original advisory contains instructions for the latter.
See also:
- Multiple Vulnerabilities in Cisco IronPort Encryption Appliance, advisory from Cisco.
(djwm)