Multiple Vulnerabilities in Cisco IronPort Encryption Appliance

Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities.

Vulnerable Products

The following Cisco IronPort Encryption Appliance versions are affected by these vulnerabilities:

* Cisco IronPort Encryption Appliance 6.5 versions prior to 6.5.2
* Cisco IronPort Encryption Appliance 6.2 versions prior to 6.2.9.1
* Cisco IronPort PostX MAP versions prior to 6.2.9.1

The version of software that is running on a Cisco IronPort Encryption Appliance is located on the About page of the Cisco IronPort Encryption Appliance administration interface.

Products Confirmed Not Vulnerable

Cisco IronPort C, M, and S-Series appliances are not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml.

Cisco Breaks New Ground in E-mail Security

Cisco IronPortCisco today announced new managed, hosted and hybrid hosted e-mail security services that provide the industry’s most versatile set of e-mail protection offerings. As businesses demand greater agility and flexibility in how they collaborate, the Cisco® IronPort® Email Security services are aimed at providing them with complete choice and control over where their e-mail security is deployed and managed, whether it be on premise, off-site, in the cloud or a combination of the three.

Cisco IronPort Email Security services are a highlight of Cisco innovation, leadership and execution. Building on industry-leading IronPort email security technology, these services help organizations vigilantly defend their communications lifeline against spam, viruses, phishing and a wide variety of other threats.

New additions to the Cisco IronPort Email Security service portfolio deliver high-performance email security in dedicated hosted and hybrid hosted form factors. These services are based on the same platform that protects 40 percent of Fortune 1000 companies and provides organizations with the opportunity to select the email security infrastructure that is best for them – security leadership with choice, backed by email security experts. Depending upon business needs, customers can choose one of many deployment options, including on premises, hosted and hybrid hosted. Regardless of the deployment model, customers get the benefits of hardware capacity assurance, predictable budgetary planning and simplified management. Backed by industry-leading support and corporate stability, Cisco IronPort Email Security services help organizations worldwide protect and manage their email infrastructures.

Read the full story on cisco.com…