All ESA software releases prior to the first fixed release are vulnerable on both virtual and hardware appliances. Cisco provides information about affected releases in Cisco bugs, which are accessible through the Cisco Bug Search Tool
To determine which release of Cisco AsyncOS Software is running on an ESA, administrators can use the version
command in the CLI. The following example shows the output of the version
command for an ESA running Cisco AsyncOS Software Release 8.5.7-044:
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Note that Cisco provides regular maintenance of products in the Cisco Cloud Email Security (CES) service solution, which includes Cisco Email Security Appliances and Cisco Content Security Management Appliances. Customers can also request a software upgrade by contacting Cisco CES support.
No other Cisco products are currently known to be affected by this vulnerability.
The following products are not vulnerable:
- Security Mail Appliance, both virtual and hardware versions
- Web Security Appliance, both virtual and hardware versions