Cisco recommends McAfee switch for IronPort customers hit by Sophos flaws
Attackers could gain control of IronPort appliances because of flaws in Sophos Anti-Virus, Cisco said
IDG News Service - Cisco Systems has warned customers about critical vulnerabilities in the Sophos antivirus engine included in its Cisco IronPort email and Web security appliances.
"Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition," Cisco said Friday in a security advisory.
Cisco rated the severity of the vulnerabilities at 9.7 out of 10 on the CVSS (Common Vulnerability Scoring System) scale. This means that the flaws can be attacked from the network, have a low complexity access level and can completely compromise the confidentiality and integrity of the affected products.
The vulnerabilities in Sophos Anti-Virus that affect Cisco IronPort appliances were publicly disclosed by Google security engineer Tavis Ormandy on Monday, Cisco said.
According to a Sophos knowledgebase article, fixes for some of the vulnerabilities reported by Ormandy were released in October. However, patches for three particular flaws, including a critical one for which proof-of-concept exploit code is publicly available, were only rolled out on Monday.
"As updates that address these vulnerabilities become available from Sophos, Cisco is working to qualify and automatically provision them through the Cisco IronPort ESA and WSA platforms," Cisco said. "Fixes for the vulnerabilities that are described in this advisory are currently not available; however, there are configuration workarounds available that may eliminate the risk for most customers."
The workaround that Cisco refers to requires users to stop using Sophos Anti-virus and switch to a different antivirus engine supported by the IronPort appliances.
"To mitigate this issue, customers can configure the Cisco IronPort appliances to use an alternate antivirus program," the company said. "Cisco is providing 30-day trial licenses for McAfee AntiVirus through IronPort Technical Support as an interim workaround."
"Sophos has been in contact with Cisco since 15th October regarding the potential vulnerabilities in the engine and released an updated version of the engine to address the majority of vulnerabilities to Cisco on 23rd October," Graham Cluley, senior technology consultant at Sophos, said Friday via email. "A new version of the engine released this week ensures that all the vulnerabilities identified by Tavis Ormandy have been patched."
"Sophos recommends that customers follow Cisco's advisory and update to the latest version of the engine as soon as it is released by Cisco," Cluley said.
Cisco did not immediately return a request for comment seeking clarifications on whether the Sophos antivirus engine in the IronPort appliances will be updated automatically or if customers need to update it manually.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- The Case for Mobile Apps Today's mobile apps turn handheld devices into e-book readers, portable navigation systems, digital wallets and more. And for organizations with mobile workers, they...
- Mobile Expense Management--Picking up the Money on the Ground Integrating and managing mobility expenses across multiple carriers can generate savings and improve organizational decision making.
- Partners in Mobile Device Management: AirWatch & CDW When it comes to Mobile Device Management, it's not just what you know. It's who you know. That's why CDW partners with industry...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Government Agency Webifies Outdated COBOL Applications Let this CTO tell you how his agency converted 1980s-era green screens into an e-filing portal for the 100,000 cases handled each year...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information... All Applications White Papers | Webcasts