Reference: CERT-EU Security Advisory 2012-0008

Title: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability [1]

Version history:
27.01.2012 Initial publication

Summary
=======

Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges [1].

CVSS v2 Base Score: 10.0 (CRITICAL) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [3,4]
Remote: Yes
Credibility: Vendor Confirmed
Complexity: Low

Vulnerable systems
==================

The following Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) are affected by this vulnerability:

* Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0
* Cisco IronPort Security Management Appliance (M-Series) versions prior to 7.8.0

Details
=======

The Cisco IronPort ESA provides email management and protection combining antispam, antivirus, encryption, digital rights management, and archiving technologies. The Cisco IronPort SMA is a flexible management tool designed to centralize and consolidate policy and runtime data, providing a single management interface for multiple Cisco IronPort security appliances.

The Cisco IronPort ESA and the Cisco IronPort SMA run AsyncOS, a modified version of the FreeBSD kernel. These devices are affected by the FreeBSD telnetd remote code execution vulnerability documented by Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-4862 [2]. This vulnerability could allow a remote, unauthenticated attacker to run arbitrary code with elevated privileges.

What can you do?
================

Fixes for the vulnerability described in this advisory are not yet available; however, there are configuration workarounds [1] available that may eliminate the risk for most customers.

Workarounds: By default, Telnet is configured on the Management port. Telnet services can be disabled to mitigate this vulnerability. Administrators can disable Telnet by using the administration graphical user interface (GUI) or by using the "interfaceconfig" command in the command-line interface (CLI). As a security best practice, customers should use Secure Shell (SSH) instead of Telnet. The details of applying the workarounds may be found in [1].

What to tell your users?
========================

N/A

More information
================

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
[2] http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4862
[4] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,

CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in a best-effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
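The following inventory check is an added example, not part of the CERT-EU advisory or of Cisco's guidance: it flags appliances whose release is below the thresholds listed under "Vulnerable systems" and tests whether Telnet (TCP/23) still answers on the management address. The CSV layout, the "major.minor.patch-build" version format, the status strings and the sample hosts (documentation addresses) are assumptions made for this illustration.

```python
import csv, io, re, socket

# Thresholds from the advisory: releases prior to these are affected.
FIXED_IN = {"ESA": (7, 6, 0), "SMA": (7, 8, 0)}

# Constructed sample inventory; hosts are documentation addresses.
SAMPLE_INVENTORY = """host,product,version
192.0.2.10,ESA,7.5.1-102
192.0.2.11,ESA,7.6.0-444
192.0.2.20,SMA,7.7.0-210
192.0.2.21,SMA,7.8.0-100
"""

def parse_version(text):
    """Return the leading dotted release as a 3-tuple; the build suffix is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(product, version):
    """True if the release is below the advisory's threshold for that product."""
    return parse_version(version) < FIXED_IN[product.upper()]

def telnet_open(host, port=23, timeout=3.0):
    """True if a TCP connection to the Telnet port succeeds from this host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory_csv, probe=telnet_open):
    """Classify each appliance by release and by Telnet reachability."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        affected = is_affected(row["product"], row["version"])
        reachable = probe(row["host"])
        if affected and reachable:
            status = "affected, telnet reachable"  # workaround not applied
        elif affected:
            status = "affected, telnet closed"     # closed as seen from here
        elif reachable:
            status = "telnet reachable"            # advisory recommends SSH
        else:
            status = "ok"
        findings.append((row["host"], row["product"], row["version"], status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

A closed result only reflects the network path from the machine running the check, so run it from a segment that can reach the Management port.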