Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), and Cisco Content Security Management Appliance (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

Note: This security advisory has been updated to include important information about Cisco WSA

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport

Leave a Reply