What is the severity of CVE-2014-2119?

CVE-2014-2119 is classified as a medium severity vulnerability.

How do I fix CVE-2014-2119?

To fix CVE-2014-2119, upgrade your Cisco AsyncOS to versions 7.6.3-023, 8.0.1-023, or later.

Who is affected by CVE-2014-2119?

CVE-2014-2119 affects users of Cisco AsyncOS for Email Security Appliance prior to 7.6.3-023 and version 8.x before 8.0.1-023.

What type of vulnerability is CVE-2014-2119?

CVE-2014-2119 is a remote authenticated command execution vulnerability.

What devices are impacted by CVE-2014-2119?

CVE-2014-2119 impacts Cisco Email Security Appliances, Cisco Content Security Management Appliances, and specific versions of Cisco AsyncOS.

Vulnerability/
CVE-2014-2119

high

8.5

CWE

264

20/3/2014

12/4/2025

CVE-2014-2119

First published: Thu Mar 20 2014(Updated: )

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

Credit: ykramarz@cisco.com psirt@cisco.com

Affected Software	Affected Version	How to fix
Cisco AsyncOS	<=7.9.1-039
Cisco AsyncOS	=8.0
Cisco AsyncOS	=8.0.1
Cisco AsyncOS	=8.1
Cisco Content Security Management
Cisco AsyncOS	<=7.6.2-201
Cisco AsyncOS Software for Cisco Email Security Appliances
All of
Any of
Cisco AsyncOS	<=7.9.1-039
Cisco AsyncOS	=8.0
Cisco AsyncOS	=8.0.1
Cisco AsyncOS	=8.1
Cisco Content Security Management
All of
Any of
Cisco AsyncOS	<=7.6.2-201
Cisco AsyncOS	=8.0
Cisco AsyncOS	=8.0.1
Cisco AsyncOS Software for Cisco Email Security Appliances

Never miss a vulnerability like this again

Reference Links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos

Frequently Asked Questions

What is the severity of CVE-2014-2119?
CVE-2014-2119 is classified as a medium severity vulnerability.
How do I fix CVE-2014-2119?
To fix CVE-2014-2119, upgrade your Cisco AsyncOS to versions 7.6.3-023, 8.0.1-023, or later.
Who is affected by CVE-2014-2119?
CVE-2014-2119 affects users of Cisco AsyncOS for Email Security Appliance prior to 7.6.3-023 and version 8.x before 8.0.1-023.
What type of vulnerability is CVE-2014-2119?
CVE-2014-2119 is a remote authenticated command execution vulnerability.
What devices are impacted by CVE-2014-2119?
CVE-2014-2119 impacts Cisco Email Security Appliances, Cisco Content Security Management Appliances, and specific versions of Cisco AsyncOS.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/first-publish-date
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/cisco
canonical/cisco asyncos
version/cisco asyncos/7.9.1-039
version/cisco asyncos/8.0
version/cisco asyncos/8.0.1
version/cisco asyncos/8.1
canonical/cisco content security management
version/cisco asyncos/7.6.2-201
canonical/cisco asyncos software for cisco email security appliances

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.