CVE-2014-2119

Severity Score

8.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

El servicio End User Safelist/Blocklist (también conocido como SLBL) en el software Cisco AsyncOS para Email Security Appliance (ESA) anterior a 7.6.3-023 y 8.x anterior a 8.0.1-023 y Cisco Content Security Management Appliance (SMA) anterior a 7.9.1-110 y 8.x anterior a 8.1.1-013 permite a usuarios remotos autenticados ejecutar código arbitrario con privilegios root a través de una sesión FTP que sube un archivo de base de datos SLBL modificado, también conocido como Bug IDs CSCug79377 y CSCug80118.

*Credits: N/A

CVSS Scores

NISTv2 8.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-02-25 CVE Reserved
2014-03-20 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.9.1-039 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.9.1-039"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Appliance Search vendor "Cisco" for product "Content Security Management Appliance"	-	-	Affected
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	8.0 Search vendor "Cisco" for product "Ironport Asyncos" and version "8.0"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Appliance Search vendor "Cisco" for product "Content Security Management Appliance"	-	-	Affected
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	8.0.1 Search vendor "Cisco" for product "Ironport Asyncos" and version "8.0.1"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Appliance Search vendor "Cisco" for product "Content Security Management Appliance"	-	-	Affected
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	8.1 Search vendor "Cisco" for product "Ironport Asyncos" and version "8.1"	-	Affected	in	Cisco Search vendor "Cisco"	Content Security Management Appliance Search vendor "Cisco" for product "Content Security Management Appliance"	-	-	Affected
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	<= 7.6.2-201 Search vendor "Cisco" for product "Ironport Asyncos" and version " <= 7.6.2-201"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Affected
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	8.0 Search vendor "Cisco" for product "Ironport Asyncos" and version "8.0"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Affected
Cisco Search vendor "Cisco"	Ironport Asyncos Search vendor "Cisco" for product "Ironport Asyncos"	8.0.1 Search vendor "Cisco" for product "Ironport Asyncos" and version "8.0.1"	-	Affected	in	Cisco Search vendor "Cisco"	Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"	-	-	Affected