Vulnslist


Cisco Email Security Appliance Internal Testing Interface Vulnerability

cisco-sa-20160922-esa · Critical · Published · Updated

A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa

Workarounds

The debugging and testing interface can be disabled by rebooting an affected device. In order to reboot an ESA device, issue the reboot command from the CLI. The interface will be permanently disabled and unavailable once the device has finished rebooting.

Customers concerned about the effectiveness of the workaround should open a support case with their support organization to verify the testing interface has effectively been disabled.

CVEs: CVE-2016-6406
Cisco Bug IDs: CSCvb26017
CVSS Score: Base 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:C)
Product Names From Source: Cisco Email Security Appliance (ESA), Cisco Secure Email

Related Products

Product                                  CVE            Evidence
Cisco Nexus Dashboard                    CVE-2016-6406  Cisco OpenVuln
Cisco Secure Email                       CVE-2016-6406  Cisco OpenVuln
Cisco Email Security Appliance (ESA)     CVE-2016-6406  Cisco OpenVuln