This vulnerability affects Cisco AsyncOS versions through 9.6 for ESA, on both virtual and hardware appliances, that are configured to perform anti-spam scanning and SPF/Sender Identification Framework (SIDF) verification for mail flow.
To determine whether an ESA is configured to perform anti-spam scanning, use the GUI and navigate to Open Security services > IronPort Anti-Spam
, and verify that IronPort Anti-Spam
To determine whether SPF/SIDF is configured, use the GUI and navigate to Mail Polices > Mail Flow Policies
. For each configured policy name, scroll down to Security Services > SPF/SIDF Verification
and verify that SPF/SIDF verification is enabled.
To determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco ESA, administrators can use the version command in the ESA CLI. The following example shows the results for a device running Cisco AsyncOS Software version 8.5.3-051:
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Cisco Cloud Email Security (CES) includes the Cisco ESA and Cisco Security Management Appliance (SMA) as part of the service solution. Cisco provides regular maintenance of the products included in this solution. Customers can also request a software upgrade by contacting Cisco CES support.
The following products are not vulnerable:
- Cisco Security Mail Appliance, both virtual and hardware versions
- Cisco Web Security Appliance, both virtual and hardware versions
No other Cisco products are currently known to be affected by this vulnerability.