Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100210-ironport
:ivan:
Once again, the networking pros make jokes about the oxymoron "Cisco security".
What I laugh at is the time line. This vulnerability was released back in 2010. At that time Cisco said here is a work around, but never released a patch. End of Sale is two years later in 2012. Still no patch. For whatever random reason they update the work around section in 2014. End of Support/Life is July of 2015. No patch ever released. Another security researcher finds a new way to exploit this vulnerability after End of Support. Cisco updates the document to mention that no really you should implement the work-around described below.
-Otanx
I didn't even catch that 2010 date. oops.