Security News > 2022 > June > Cisco Secure Email bug can let attackers bypass authentication

Cisco Secure Email bug can let attackers bypass authentication
2022-06-15 18:24

Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations.

The security flaw was found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance and Cisco Secure Email and Web Manager appliances.

An advisory published on Wednesday says the bug was discovered during the resolution of a Cisco TAC support case.

Cisco also says this vulnerability does not affect its Cisco Secure Web Appliance product, previously known as Cisco Web Security Appliance.

Another Secure Email gateway flaw patched in February could allow remote attackers to crash unpatched appliances using maliciously crafted email messages.

Today, Cisco also announced it wouldn't fix a critical zero-day bug affecting end-of-life RV110W, RV130, RV130W, and RV215W SMB routers, allowing attackers to execute arbitrary commands with root-level privileges.


News URL

https://www.bleepingcomputer.com/news/security/cisco-secure-email-bug-can-let-attackers-bypass-authentication/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751