Cisco issues security advisory on security appliance

IronPort devices have multiple vulnerabilities

Cisco this week issued a security advisory on its IronPort encryption appliances. The appliances contain two vulnerabilities: one that allows remote, unauthenticated access to any file on the device;  and another that allows remote, unauthenticated users to execute arbitrary code with elevated privileges.

There are workarounds available to mitigate these vulnerabilities, and Cisco says it has released free software updates that address these vulnerabilities.

The affected appliances are the IronPort Encryption Appliance 6.5 versions prior to 6.5.2; IronPort Encryption Appliance 6.2 versions prior to; and IronPort PostX MAP versions prior to

Attackers can gain access to arbitrary files on vulnerable devices via the embedded HTTPS server and the WebSafe servlet. Attackers can also run arbitrary code with elevated privileges on vulnerable devices via the embedded HTTPS server.

Cisco says it is not aware of any public announcements or malicious use of the vulnerabilities. The company acquired IronPort in 2007.

More from Cisco Subnet:

This is Network World's Cisco Subnet news alert in which we focus on the top items from Cisco Subnet, your source for Cisco news, blogs, discussion items, security alerts, giveaways and more.

Cisco said to be readying major upgrade to CRS-1The scoop on the New TSHOOT Course and Exam

Cisco shipping 160G Ethernet card for ASR 9000

Another analyst sees Cisco UCS deployment delays

If Cisco buys you, you're 1 in 100

IPv4 Space is Getting Low - Really Low

Win one of 50 CCNP training books, videos and Cert Kits

Win great stuff from Cisco SubnetCisco Alert newsletter.Like RSS readers? Subscribe to the Cisco Subnet RSS feed

Like e-mail? Subscribe to the

Follow all Cisco Subnet bloggers on Twitter.Follow Jim Duffy on Twitter 
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.