HOME > VULNERABILITY


   VULNERABILITY

 

CERT-In Vulnerability Note CIVN-2010-142
Cisco IronPort Desktop Flag Plug-in for Outlook Information Disclosure

Original Issue Date: May 18, 2010

Severity Rating:Medium

System Affected

  • Cisco Iron Port Desktop Flag Plug-in for Outlook versions prior to 6.5.0-006

Overview

Vulnerability has been reported in Cisco Iron Port Desktop Flag Plug-in for Outlook. The application may fail to encrypt certain e-mail messages.

Description

Cisco Iron-Port is a mail encryption appliance. It is used with desktop flag plug in for outlook express. While using outlook express, a user has to press ‘send secure' button to encrypt and send the mail securely. When multiple mails are sent at one click, the device may encrypt only the first mail and fail to encrypt remaining messages. This may result in the disclosure of sensitive information if the remaining email messages are intercepted by an unauthorized party.

Workaround

  • Compose and send only one mail at a time

Vendor Information

CISCO
http://www.cisco.com/warp/public/707/cisco-sr-20100511-ironport.shtml

References

CISCO
http://www.cisco.com/warp/public/707/cisco-sr-20100511-ironport.shtml

VUPEN
http://www.vupen.com/english/advisories/2010/1125

SecurityTracker
http://securitytracker.com/alerts/2010/May/1023977.html

SecurityFocus
http://www.securityfocus.com/bid/40061/info

CVE Name
CVE-2010-1568

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003