Email Fixes Vulnerability That Could Crash Cisco Secure Email Gateways

news

Cisco has announced that it has addressed a high severity vulnerability that could allow an attacker to crash a Cisco Secure Email appliance using an email message.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU

Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) DNS-based Authentication of Named Entities (DANE) email verification component in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) is vulnerable, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected devices.

This security vulnerability (tracked as CVE-2022-20653) exists in DNS -based Authentication of Named Entities (DANE), a Cisco AsyncOS Software component used by Cisco Secure Email to check email for threats such as spam, phishing, and malware. -based Authentication of Named Entities (DANE), a Cisco AsyncOS Software component that Cisco Secure Email uses to check for email spam, phishing, malware, and other threats.

This vulnerability is due to an insufficient error handling issue in DNS name resolution discovered by security researchers at Rijksoverheid Dienst ICT Uitvoering (DICTU) and reported to Cisco.

An attacker can exploit this vulnerability by sending specially formatted email messages that are processed by the affected device

An attacker can use this vulnerability to send a specially formatted email message that is processed by the affected device.

An attacker can use this vulnerability to cause a denial of service (DoS) condition by making the device unreachable from the management interface or by processing additional email messages until the device is recovered.

To make matters worse, if the attack continues, the target device will be completely unavailable, resulting in a persistent DoS condition.

According to the company’s Product Security Incident Response Team (PSIRT), there was no evidence of malicious misuse prior to the release of this security advisory.

Vulnerable components are not enabled by default

This vulnerability can be exploited remotely by an unauthenticated attacker, but according to Cisco the vulnerable DANE email validation component is not enabled by default.

Administrators can check if DANE is configured by checking if the “DANE Support” option is turned on in the Web UI page of Mail Policy > Destination Control > Add Destination.

Cisco also said that CVE-2022-20653 does not affect the Web Security Appliance (WSA) and Secure Email and Web Manager, or devices that do not have the DANE feature enabled.

We also provide a workaround that requires setting the bounce message to come from the Cisco ESA, rather than from the mail server, to thwart the attack.

We have patched a maximum severity vulnerability that allows proof-of-concept exploit code to take control of a Small Business RV series router without authentication.

Comments

タイトルとURLをコピーしました