8.5

CVE-2014-2119

EPSS 1.37%
Published 21.03.2014 01:04:02
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

Affected products Warnungen 0 Metrics 2 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ironport Asyncos Version <= 7.9.1-039

Cisco ≫ Ironport Asyncos Version8.0

Cisco ≫ Ironport Asyncos Version8.0.1

Cisco ≫ Ironport Asyncos Version8.1

Cisco ≫ Content Security Management Appliance Version-

Cisco ≫ Ironport Asyncos Version <= 7.6.2-201

Cisco ≫ Ironport Asyncos Version8.0

Cisco ≫ Ironport Asyncos Version8.0.1

Cisco ≫ Email Security Appliance Firmware Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.37%	0.784

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-2119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2119

EUVD