=====================================================================

                           CERT-Renater

               Note d'Information No. 2014/VULN071
_____________________________________________________________________

DATE                : 21/03/2014

HARDWARE PLATFORM(S): Cisco Email Security Appliance (ESA),
                      Cisco Content Security Management Appliance (SMA).

OPERATING SYSTEM(S): Cisco AsyncOS Software.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos
______________________________________________________________________

Cisco AsyncOS Software Code Execution Vulnerability

Advisory ID: cisco-sa-20140319-asyncos

Revision 1.0

For Public Release 2014 March 19 16:00  UTC (GMT)

Summary
=======

Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco
Content Security Management Appliance (SMA) contain a vulnerability that
could allow an authenticated remote attacker to execute arbitrary code
with the privileges of the root user.

Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================