This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA.

The following example shows a configured message filter to scan files with .zip or .exe attachments:Test_Attachment_Rules:    if attachment-filename == “(?i)\\.zip$” { log-entry(“Rule attachment-filename found a .zip file”); }    if attachment-filename == “(?i)\\.exe$” { log-entry(“Rule attachment-filename found a .exe file”); }    if attachment-filetype == “Compressed” { log-entry(“Rule attachment-filetype found type Compressed”); }    if attachment-filetype == “Executable” { log-entry(“Rule attachment-filetype found type Executable”); }To determine which release of Cisco AsyncOS Software is running on an ESA, administrators can use the version command in the CLI.

The following example shows the output of the version command for an ESA running Cisco AsyncOS Software Release 8.5.7-044:

ciscoesa> version

Current Version
===============
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Model: X1070
Version: 8.5.7-044
.
.
.

Note that Cisco provides regular maintenance of products in the Cisco Cloud Email Security (CES) service solution, which includes Cisco Email Security Appliances and Cisco Content Security Management Appliances.

Customers can also request a software upgrade by contacting Cisco CES support.To determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco WSA, administrators can use the version command in the WSA CLI.

The following example shows the results for an appliance running Cisco AsyncOS Software version 8.5.3-051:
ciscowsa> versionCurrent Version===============Product: Cisco IronPort S670 Web Security ApplianceModel: S670Version: 8.5.3-051…

The following products are not vulnerable:Cisco Security Mail Appliance, both virtual and hardware versions

No other Cisco products are currently known to be affected by this vulnerability.

Leave a Reply