This bug in Cisco Secure Email lets hackers waltz past security protections

Image depicting a hand on a scanner
Image Credit: Pixabay (Image credit: Pixabay)

A recently discovered flaw in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager allows threat actors to waltz past security protections and log into endpoints with non-default configurations, the company has confirmed.

An advisory published by Cisco revealed the company stumbled upon the flaw while addressing a support case via Cisco TAC. While it claims there is no evidence of the flaw being exploited in the wild, it is now being tracked as CVE-2022-20798. 

The good news is that a patch is already available, and users are urged to apply it immediately.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Unauthorized access

It revolves around authentication checks on endpoints using Lightweight Directory Access Protocol (LDAP) for external authentication, the company said. Allegedly, it only affects appliances configured to use external authentication, and LDAP. These things are turned off by default, though.

"An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device," Cisco says. "A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device."

Users can check if their appliance has external authentication enabled by logging into the web-based management interface, navigating to System Administration > Users, and looking for “Enable External Authentication”.

Even though installing the patch is the best way to mitigate the threat, there are other workarounds, including disabling anonymous binds on the external authentication server. 

This is not the first time Cisco has had to patch Secure Email gateway. Earlier this year, it fixed a flaw that allowed remote attackers to break unpatched appliances with the help of malicious emails

Cisco also said it will not be fixing a zero-day found in RV110W, RV130, RV130W, and RV215W SMB routers, as these devices have reached end-of-life, BleepingComputer found. Businesses using these endpoints could be at risk, given that the zero-day allows attackers to execute arbitrary code with root-level privileges.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Cisco patches critical security issues, so update now
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Best free Linux firewalls
SonicWall tells admins to patch worrying SSLVPN flaw immediately
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
The best free firewall
Palo Alto Networks PAN-OS sees authentication bypass under attack from hackers
Latest in Security
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Latest in News
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Visual Intelligence identifying a dog
AirPods with cameras for Visual Intelligence could be one of the best personal safety features Apple has ever planned – here's why
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Apple iPhone 16 Review
New iPhone 17 report lends weight to rumors of major display and camera upgrades, and a pricey Apple foldable
Teams
Microsoft Teams is finally adding a tiny but crucial feature I honestly can't believe it never had
Apple Watch Ultra 2 move data
Apple is reportedly planning a huge future Apple Watch upgrade to turn it into an AI device with onboard cameras