Security News > 2022 > February > Cisco bug can let hackers crash Cisco Secure Email gateways

Cisco bug can let hackers crash Cisco Secure Email gateways
2022-02-17 16:26

Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages.

The security flaw was found in DNS-based Authentication of Named Entities, a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and other threats.

This bug is due to an insufficient error handling issue in DNS name resolution found and reported to Cisco by Rijksoverheid Dienst ICT Uitvoering security researchers.

"An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device," Cisco explained.

While the security vulnerability can be exploited remotely by unauthenticated attackers, Cisco says the vulnerable DANE email verification component is not enabled by default.

Cisco has also confirmed that CVE-2022-20653 does not impact Web Security Appliance and Secure Email and Web Manager or devices without the DANE feature enabled.


News URL

https://www.bleepingcomputer.com/news/security/cisco-bug-can-let-hackers-crash-cisco-secure-email-gateways/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-17 CVE-2022-20653 Unspecified vulnerability in Cisco Asyncos
A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751