Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities.
Vulnerable Products
The following Cisco IronPort Encryption Appliance versions are affected by these vulnerabilities:
* Cisco IronPort Encryption Appliance 6.5 versions prior to 6.5.2
* Cisco IronPort Encryption Appliance 6.2 versions prior to 6.2.9.1
* Cisco IronPort PostX MAP versions prior to 6.2.9.1
The version of software that is running on a Cisco IronPort Encryption Appliance is located on the About page of the Cisco IronPort Encryption Appliance administration interface.
Products Confirmed Not Vulnerable
Cisco IronPort C, M, and S-Series appliances are not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml.