Home

CVE-2014-2119

Description

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.372

Associated Vulnerability

VulnerabilityOS Platform
Cisco AsyncOS Software Code Execution Vulnerability For Cisco IronPort Email Security Appliance SoftwareNCM
Cisco AsyncOS Software Code Execution Vulnerability For Cisco IronPort Security Management Appliance SoftwareNCM
CVE-2014-2119NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706003Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131
PATCH-1706033Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234