Monday, July 1, 2013

Cisco patches flaws in security appliances

Cisco is advising administrators to patch their security appliance following the disclosure of vulnerabilities in the company's Web Security and Email Security Appliance systems. The company said that the flaws included both command injection flaws on denial of service attacks for both of the security systems. For the Web Security Appliance, the fix will bring patches for two authenticated command injection vulnerabilities. If exploited, the flaws could allow a user to remotely take control of a targeted appliance and execute arbitrary code. In order to do so, however, the company noted that the user would need to have a valid account on he network, thus decreasing the likelihood of a remote attack. <more>

No comments: