This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments.
To determine whether AMP is configured on a Cisco Email Security Appliance (ESA), administrators can use the Cisco AsyncOS System Administration GUI or the command-line interface (CLI).
In the System Administration GUI, choose Security Services > File Reputation and Analysis
, and then check the setting for the File Reputation
In the CLI, issue the ampconfig
command and check the value of the File Reputation
field in the command output. The following example shows the output of the ampconfig
command for an ESA that has AMP configured to scan incoming email attachments:
File Reputation: Enabled
File Analysis: Enabled
File types selected for File Analysis:
Microsoft Windows / DOS Executable
Appliance Group ID/Name: Not part of any group yet
To determine which release of Cisco AsyncOS Software is running on an ESA, administrators can use the version
command in the CLI. The following example shows the output of the version
command for an ESA running Cisco AsyncOS Software Release 8.5.7-044:
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Note that Cisco provides regular maintenance of products in the Cisco Cloud Email Security (CES) service solution, which includes Cisco Email Security Appliances and Cisco Content Security Management Appliances. Customers can also request a software upgrade by contacting Cisco CES support.
No other Cisco products are currently known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following products:
- Cisco Content Security Management Appliance, virtual and hardware versions
- Cisco Web Security Appliance, virtual and hardware versions