Cisco Warns of Vulnerability in Security Appliances


Cisco recently warned of a security flaw in its IronPort Email Security Appliances and IronPort Security Management Appliances.

"The vulnerability could be exploited by an attacker to remotely execute code on a system by sending a specially crafted command to the telnet daemon (telnetd)," The H Security reports.

"A buffer overflow in the encrypt_keyid() function causes the server to execute the injected code with system privileges," the article states. "Cisco has yet to provide its customers with a patch. Users who wish to prevent their systems from being compromised need to deactivate the Telnet server – instructions for doing so can be found in the advisory."

Go to "Cisco Security Appliances at risk from Telnet bug" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.