==================================================================== CERT-Renater Note d'Information No. 2016/VULN336 _____________________________________________________________________ DATE : 23/09/2016 HARDWARE PLATFORM(S): Cisco Email Security Appliance. OPERATING SYSTEM(S): Cisco Email Security Appliance software. ===================================================================== http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa ____________________________________________________________________ Cisco Security Advisory: Cisco Email Security Appliance Internal Testing Interface Vulnerability Advisory ID: cisco-sa-20160922-esa Revision 1.0 For Public Release 2016 September 22 16:00 UTC (GMT) Summary ======= A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges. Cisco has confirmed the vulnerability; however, software updates are not currently available. This advisory will be updated with fixed software information when available. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa ========================================================== Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================