Cisco recommends McAfee switch for Ir...

Cisco recommends McAfee switch for IronPort customers hit by Sophos flaws

There are 1 comment on the ComputerWorld story from Nov 9, 2012, titled Cisco recommends McAfee switch for IronPort customers hit by Sophos flaws. In it, ComputerWorld reports that:

Cisco Systems has warned customers about critical vulnerabilities in the Sophos antivirus engine included in its Cisco IronPort email and Web security appliances.

Join the discussion below, or Read more at ComputerWorld.

ip freely

Brandon, Canada

#1 Nov 9, 2012
Cisco Systems has warned customers about critical vulnerabilities in the Sophos antivirus engine included in its Cisco IronPort email and Web security appliances.

"Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition," Cisco said Friday in a security advisory.

Cisco rated the severity of the vulnerabilities at 9.7 out of 10 on the CVSS (Common Vulnerability Scoring System) scale. This means that the flaws can be attacked from the network, have a low complexity access level and can completely compromise the confidentiality and integrity of the affected products.

The vulnerabilities in Sophos Anti-Virus that affect Cisco IronPort appliances were publicly disclosed by Google security engineer Tavis Ormandy on Monday, Cisco said.

According to a Sophos knowledgebase article, fixes for some of the vulnerabilities reported by Ormandy were released in October. However, patches for three particular flaws, including a critical one for which proof-of-concept exploit code is publicly available, were only rolled out on Monday.

"As updates that address these vulnerabilities become available from Sophos, Cisco is working to qualify and automatically provision them through the Cisco IronPort ESA and WSA platforms," Cisco said. "Fixes for the vulnerabilities that are described in this advisory are currently not available; however, there are configuration workarounds available that may eliminate the risk for most customers."

The workaround that Cisco refers to requires users to stop using Sophos Anti-virus and switch to a different antivirus engine supported by the IronPort appliances.

"To mitigate this issue, customers can configure the Cisco IronPort appliances to use an alternate antivirus program," the company said. "Cisco is providing 30-day trial licenses for McAfee AntiVirus through IronPort Technical Support as an interim workaround."

"Sophos has been in contact with Cisco since 15th October regarding the potential vulnerabilities in the engine and released an updated version of the engine to address the majority of vulnerabilities to Cisco on 23rd October," Graham Cluley, senior technology consultant at Sophos, said Friday via email. "A new version of the engine released this week ensures that all the vulnerabilities identified by Tavis Ormandy have been patched."

Tell me when this thread is updated:

Subscribe Now Add to my Tracker

Add your comments below

Characters left: 4000

Please note by submitting this form you acknowledge that you have read the Terms of Service and the comment you are posting is in compliance with such terms. Be polite. Inappropriate posts may be removed by the moderator. Send us your feedback.

Computer Security Discussions

Title Updated Last By Comments
News Russian hacker faces decades in prison Apr 21 USA Today 3
News Students hack into school system, change grades (Apr '07) Apr 19 Maggie Girard 715
News Metro city 'vulnerable' after tornado sirens ha... Apr 10 churchterror 2
News Not So Silent Night: Dallas Emergency Siren Sys... Apr 9 cantshutitoff 1
News 1D fans split on Zayn Malik's new haircut, Loui... (Jan '13) Apr 6 Jess 11
News WikiLeaks: CIA hacked Apple devices in ways use... Mar '17 Stevecarr123 1
News McDonald's says Twitter account was hacked befo... Mar '17 gandolf 1
More from around the web