← Back

CVE-2014-2119

nvd nist
Published: Mar 21, 2014Modified: May 6, 2026

JSON object

Loading...
8.5
Vector
AV:N/AC:M/Au:S/C:C/I:C/A:C
Exploitability: 6.8 / Impact: 10.0
Source: NVD

Description

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

Affected (7)

Cisco
3 products
Ironport Asyncos
Content Security Management Appliance
Email Security Appliance Firmware
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ironport Asyncos
Up to 7.9.1-039
Ironport Asyncos
Version 8.1
Content Security Management Appliance
All versions
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ironport Asyncos
Up to 7.6.2-201
Ironport Asyncos
Version 8.0.1
Ironport Asyncos
Version 8.0
Email Security Appliance Firmware
All versions

Related CWEs

CWE-264
CWE-264

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.