Cusci IronPort Encryption Appliance / PostX multiple security vulnerabilities

[EN] securityvulns.ru
no-pyccku

Cusci IronPort Encryption Appliance / PostX multiple security vulnerabilities
Published: 18.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9601
Type: remote
Level: 6/10
Description: Unauthorized access to encrypted messages, unauthorized access to administration interface.

Affected: CISCO : PostX 6.2
CISCO : IronPort Encryption Appliance 6.3
CISCO : IronPort Encryption Appliance 6.5
CVE: CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.)
CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error.")

Original document CISCO, Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities (18.01.2009)

Discuss: Read or add your comments to this news (0 comments)

test server