Menu
Cisco recommends McAfee switch for IronPort customers hit by Sophos flaws

Cisco recommends McAfee switch for IronPort customers hit by Sophos flaws

Attackers could gain control of IronPort appliances because of flaws in Sophos Anti-Virus, Cisco said

Cisco Systems has warned customers about critical vulnerabilities in the Sophos antivirus engine included in its Cisco IronPort email and Web security appliances.

"Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition," Cisco said Friday in a security advisory.

Cisco rated the severity of the vulnerabilities at 9.7 out of 10 on the CVSS (Common Vulnerability Scoring System) scale. This means that the flaws can be attacked from the network, have a low complexity access level and can completely compromise the confidentiality and integrity of the affected products.

The vulnerabilities in Sophos Anti-Virus that affect Cisco IronPort appliances were publicly disclosed by Google security engineer Tavis Ormandy on Monday, Cisco said.

According to a Sophos knowledgebase article, fixes for some of the vulnerabilities reported by Ormandy were released in October. However, patches for three particular flaws, including a critical one for which proof-of-concept exploit code is publicly available, were only rolled out on Monday.

"As updates that address these vulnerabilities become available from Sophos, Cisco is working to qualify and automatically provision them through the Cisco IronPort ESA and WSA platforms," Cisco said. "Fixes for the vulnerabilities that are described in this advisory are currently not available; however, there are configuration workarounds available that may eliminate the risk for most customers."

The workaround that Cisco refers to requires users to stop using Sophos Anti-virus and switch to a different antivirus engine supported by the IronPort appliances.

"To mitigate this issue, customers can configure the Cisco IronPort appliances to use an alternate antivirus program," the company said. "Cisco is providing 30-day trial licenses for McAfee AntiVirus through IronPort Technical Support as an interim workaround."

Sophos did not immediately return a request for comment regarding the availability of patches for the vulnerabilities described in Cisco's security advisory.

Cisco did not immediately return a request for comment seeking clarifications on whether the Sophos antivirus engine in the IronPort appliances will be updated automatically or if customers need to update it manually.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securitysophosantivirusantispamCisco SystemspatchesExploits / vulnerabilities

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments