Release date:
Updated on:
Affected Systems:
Cisco IronPort Encryption Appliance 6.x
Unaffected system:
Cisco IronPort Encryption Appliance 6.5.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52030
Cve id: CVE-2012-0340
IronPort is a widely used email encryption gateway that can seamlessly encrypt, decrypt, and sign confidential emails.
The IronPort encryption device has a cross-site scripting vulnerability. unauthenticated remote attackers can exploit this vulnerability to execute arbitrary script code in the browsers of the affected sites to steal authentication creden.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20120126-ironport) and patches for this:
Cisco-sa-20120126-ironport: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport