V3.co.uk reports that Cisco is warning of three vulnerabilities in its IronPort line. Two of the bugs could allow an attacker to view sensitive system administration details. The third could allow remote code execution.
According to The H Security, one flaw lies in the administration interface, the second in the WebSafe servlet and the third in the HTTPS server. The vulnerabilities affect Cisco’s IronPort Encryption appliance versions 6.2 and 6.5, as well as IronPort PostX MAP. IronPort C, M and S appliances are not believed to be vulnerable.
Cisco’s Security Advisory offers workarounds to mitigate these vulnerabilities.