Category:   Device (Embedded Server/Appliance)  >   Cisco Email Security Appliance
Vendors:   Cisco
Cisco Email Security Appliance Internal Testing Interface Lets Remote Users Access the Target System with Root Privileges
SecurityTracker Alert ID:  1036881
CVE Reference:   CVE-2016-6406
Date:  Sep 22 2016
Impact:   Root access via network
Vendor Confirmed:  Yes  
Version(s): 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, 10.0.0-125
Description:   A vulnerability was reported in Cisco Email Security Appliance. A remote user can gain access to the target system.

A remote user can access an internal testing and debugging interface to gain access to the target system with root privileges.

The interface is intended for use during product development only.

Systems that have been rebooted at most once since an affected version was installed are affected if the device's Enrollment Client component version is prior to version 1.0.2-065.

The vendor has assigned bug ID CSCvb26017 to this vulnerability.

Impact:   A remote user can gain access to the target system with root privileges.
Solution:   No fixed software was available at the time of this entry.

A system that has been rebooted two or more times after installation of an affected version is no longer affected.

On Friday, September 15th, 2016, the vendor issued an Enrollment Client update that disables the vulnerable interface.

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Configuration error

Message History:   None.
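
The affected-system conditions in this alert (a listed version, at most one reboot since installation, Enrollment Client earlier than 1.0.2-065), written as a fleet triage check. This is an added example, not part of the SecurityTracker alert or any Cisco tooling; the inventory record fields, hostnames and sample values are constructed, and treating missing reboot or Enrollment Client data as exposed is an assumption.

```python
import re

# Affected versions as listed in this alert; compared on digit runs only,
# so separator variants ('.' vs '-') parse to the same tuple.
AFFECTED_VERSIONS = (
    "9.1.2-023", "9.1.2-028", "9.1.2-036", "9.7.2-046",
    "9.7.2-047", "9.7.2-054", "10.0.0-124", "10.0.0-125",
)
FIXED_ENROLLMENT_CLIENT = "1.0.2-065"  # update that disables the interface


def parse_version(text):
    """Turn '9.7.2-046' into (9, 7, 2, 46)."""
    parts = tuple(int(n) for n in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"no version digits in {text!r}")
    return parts


AFFECTED = {parse_version(v) for v in AFFECTED_VERSIONS}


def is_exposed(version, reboots_since_install, enrollment_client):
    """Apply the alert's three conditions; unknown data (None) fails closed."""
    if parse_version(version) not in AFFECTED:
        return False
    # Alert: two or more reboots after installation means no longer affected.
    if reboots_since_install is not None and reboots_since_install >= 2:
        return False
    if enrollment_client is None:
        return True
    return parse_version(enrollment_client) < parse_version(FIXED_ENROLLMENT_CLIENT)


def triage(inventory):
    """Return hostnames that still need action, in inventory order."""
    return [h["host"] for h in inventory
            if is_exposed(h["version"], h["reboots"], h["ec"])]


# Constructed inventory; hostnames and values are made up for illustration.
SAMPLE = [
    {"host": "esa-01", "version": "9.7.2-046", "reboots": 1, "ec": "1.0.2-060"},
    {"host": "esa-02", "version": "9.7.2-046", "reboots": 2, "ec": "1.0.2-060"},
    {"host": "esa-03", "version": "10.0.0-125", "reboots": 0, "ec": "1.0.2-065"},
    {"host": "esa-04", "version": "9.1.1-019", "reboots": 0, "ec": "1.0.2-060"},
    {"host": "esa-05", "version": "10.0.0-124", "reboots": None, "ec": None},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```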
