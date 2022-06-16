
This bug in Cisco Secure Email lets hackers waltz past security protections

By Sead Fadilpašić
TechRadar
 3 days ago

A recently discovered flaw in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager allows threat actors to waltz past security protections and log into endpoints with non-default configurations, the company has confirmed.

An advisory published by Cisco revealed the company stumbled upon the flaw while addressing a support case via Cisco TAC. While it claims there is no evidence of the flaw being exploited in the wild, it is now being tracked as CVE-2022-20798.

The good news is that a patch is already available, and users are urged to apply it immediately.

Unauthorized access

It revolves around authentication checks on endpoints using Lightweight Directory Access Protocol (LDAP) for external authentication, the company said. Allegedly, it only affects appliances configured to use external authentication with LDAP as the authentication protocol. Both are turned off by default, though.

"An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device," Cisco says. "A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device."

Users can check if their appliance has external authentication enabled by logging into the web-based management interface, navigating to System Administration > Users, and looking for “Enable External Authentication”.

Even though installing the patch is the best way to mitigate the threat, there are other workarounds, including disabling anonymous binds on the external authentication server.

This is not the first time Cisco has had to patch its Secure Email gateway. Earlier this year, it fixed a flaw that allowed remote attackers to break unpatched appliances with the help of malicious emails.

Cisco also said it will not be fixing a zero-day found in RV110W, RV130, RV130W, and RV215W SMB routers, as these devices have reached end-of-life, BleepingComputer found. Businesses using these endpoints could be at risk, given that the zero-day allows attackers to execute arbitrary code with root-level privileges.

Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

