Cisco Cisco Content Security Management Appliance M390 發佈版本通知
11
Release Notes for Cisco IronPort AsyncOS 7.7.0 for Security Management AR
OL-25088-02
Resolved Issues
Resolved Issues
Table 6
Resolved Issues in Cisco IronPort AsyncOS 7.7 for Security Management
Defect ID
Description
CSCzv24579
Fixed: Web Framework Authenticated Command Injection Vulnerability
A vulnerability in the appliance could have allowed an authenticated, remote attacker
to execute arbitrary commands on the underlying operating system with elevated
privileges.
to execute arbitrary commands on the underlying operating system with elevated
privileges.
For more information, see the Cisco security advisory at
83262
Fixed: FreeBSD telnetd Remote Code Execution Vulnerability
Previously, there was a vulnerability that could have allowed a remote,
unauthenticated attacker to execute arbitrary code with elevated privileges. This has
now been fixed.
unauthenticated attacker to execute arbitrary code with elevated privileges. This has
now been fixed.
For more information on the vulnerability, see the Cisco security advisory at
77244
Fixed: Critical alert sent in error when previously-connected ESA or WSA is
unavailable
unavailable
Previously, the following critical alert was being sent when in fact no problem existed:
Critical: An application fault occurred: ('authentication/remote_connect.py
__str__|24', "<type 'exceptions.AttributeError'>", "'SmadConnectError' object
has no attribute 'error_message'", '[_coro.pyx coro._coro._wrap1
(coro/_coro.c:8442)|757]
(coro/_coro.c:8442)|757]
[authentication/auth_manager.py start|62] [authentication/remote_connect.py
__str__|24]')
Now, no alert is sent in this situation.