Security News > 2022 > February > Hackers can crash Cisco Secure Email gateways using malicious emails

Hackers can crash Cisco Secure Email gateways using malicious emails
2022-02-17 16:26

Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages.

The security flaw was found in DNS-based Authentication of Named Entities, a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and other threats.

"An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device," Cisco explained.

"A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition."

While the security vulnerability can be exploited remotely by unauthenticated attackers, Cisco says the vulnerable DANE email verification component is not enabled by default.

Cisco has also confirmed that CVE-2022-20653 does not impact Web Security Appliance and Secure Email and Web Manager or devices without the DANE feature enabled.


News URL

https://www.bleepingcomputer.com/news/security/hackers-can-crash-cisco-secure-email-gateways-using-malicious-emails/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-17 CVE-2022-20653 Unspecified vulnerability in Cisco Asyncos
A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751