Security Update:Cisco has released security updates to address CRITICAL and HIGH vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance
Date and Time
Cisco has released security updates to address CRITICALand HIGHvulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance.
Advanced Users: For a complete description of the vulnerabilities and effected systems, visit:
- Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability at: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos
- Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos
AFFECTED SYSTEM - Versions:
- All software versions prior to the first fixed release ofCisco AsyncOS Software for Cisco Email Security Appliance (ESA), both virtual and hardware appliances, if the software is configured for S/MIME Decryption and Verification or S/MIME Public Key Harvesting
- All software versions prior to the first fixed release of Cisco AsyncOS Software for Cisco ESAs, both virtual and hardware, if the URL Filtering as Global Setting feature is enabled and a URL whitelist is in use
WHAT’S THE PROBLEM?
A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
WHAT DO I NEED TO DO?
Users and administrators are encouraged to go to the link listed above and review the Cisco Security Advisory.
- IT SECURITY at https://it.ucsf.edu/security