Описание
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.2-023:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.2-028:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.2-036:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-046:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-047:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.2-054:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-124:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-125:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02876
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017.
EPSS
Процентиль: 86%
0.02876
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-264