Cisco Patches AsyncOS Code Execution Vulnerability

Cisco fixed serious vulnerabilities this week in its email and content security management products that could have let an attacker execute code with privileges of the root user.

Cisco fixed serious vulnerabilities this week in its email and content security management products that could have let an attacker execute code with the privileges of the root user.

The company pushed a fix for its AsyncOS Software in both its Email Security Appliance (ESA) and the Content Security Management Appliance (SMA) products Thursday. According to an advisory, until patched all versions of the products are considered vulnerable as they both run a version of AsyncOS that could be exploited through FTP.

“The vulnerability is due to insufficient validation of the SLBL database file. An attacker could exploit this vulnerability by substituting a valid SLBL database file with a tampered file,” the advisory says.

That file could be rigged to include shell code that could later be executed, provided that FTP and Safelist/Blocklist (SLBL) are enabled, in turn granting the attacker the right to execute arbitrary code on the system with the privileges of the root user.

While users could disable both the FTP service and the SLBL service – this could prevent the SLBL database with getting replaced with a malicious one – there are no real workarounds.

Updates that resolve the vulnerability can be obtained through Cisco’s regular update channel.

Cisco’s ESA allows email management and incorporates antivirus and encryption while SMA aggregates employees run-time data and helps oversee the company’s email products and its web security appliances.

Suggested articles