• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
attackers can crash cisco email security appliances by sending malicious

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

You are here: Home / General Cyber Security News / Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
February 18, 2022

Cisco has introduced security updates to comprise a few vulnerabilities influencing its merchandise, together with a single high-severity flaw in its Email Security Equipment (ESA) that could outcome in a denial-of-assistance (DoS) affliction on an affected system.

The weakness, assigned the identifier CVE-2022-20653 (CVSS rating: 7.5), stems from a scenario of insufficient mistake managing in DNS identify resolution that could be abused by an unauthenticated, distant attacker to send out a specially crafted email information and trigger a DoS.

Automatic GitHub Backups

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper take secure and enxrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized seller: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“A thriving exploit could allow for the attacker to trigger the gadget to become unreachable from management interfaces or to process supplemental email messages for a time period of time right up until the gadget recovers, ensuing in a DoS situation,” the corporation said in an advisory. “Ongoing attacks could cause the product to turn out to be entirely unavailable, ensuing in a persistent DoS problem.”

The flaw impacts Cisco ESA devices functioning Cisco AsyncOS Software running versions 14., 13.5, 13., 12.5 and previously and have the “DANE element enabled and with the downstream mail servers configured to send bounce messages.” DANE is brief for DNS-based mostly Authentication of Named Entities, which is utilized for outbound mail validation.

Cisco credited scientists from ICT services provider Rijksoverheid Dienst ICT Uitvoering (DICTU) for reporting the vulnerability, even though pointing out that it really is not uncovered any proof of destructive exploitation.

Separately, the networking devices maker also tackled two other flaws in its Primary Infrastructure and Advanced Programmable Network Supervisor and Redundancy Configuration Supervisor that could empower an adversary to execute arbitrary code and trigger a DoS situation –

Prevent Data Breaches

  • CVE-2022-20659 (CVSS score: 6.1) – Cisco Prime Infrastructure and Progressed Programmable Network Manager cross-web page scripting (XSS) vulnerability
  • CVE-2022-20750 (CVSS rating: 5.3) – Cisco Redundancy Configuration Manager for Cisco StarOS Computer software TCP denial-of-services (DoS) vulnerability

The fixes also occur months right after Cisco published patches for many critical security vulnerabilities impacting its RV Series routers , some of which gained the maximum doable CVSS severity score ratings of 10, that could be weaponized to elevate privileges and execute arbitrary code on impacted units.

Observed this post attention-grabbing? Stick to THN on Fb, Twitter  and LinkedIn to go through more exceptional information we put up.


Some parts of this report are sourced from:
thehackernews.com

Previous Post: «another critical rce discovered in adobe commerce and magento platforms Another Critical RCE Discovered in Adobe Commerce and Magento Platforms
Next Post: 4 Cloud Data Security Best Practices All Businesses Should Follow Today 4 cloud data security best practices all businesses should follow»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • NCSC Launches Awareness Campaign to Strengthen Password Practices
  • Cyclops Blink Malware Expands to Target Asus
  • Aircraft Disrupted by Satellite Jamming Following Russian Invasion
  • Cloud-Based Email Threats Surge 50% in 2021
  • Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang
  • New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
  • Dev Sabotages Popular NPM Package to Protest Russian Invasion
  • Phishers Using Ukraine Invasion to Solicit Cryptocurrency
  • Hackers spotted using CAPTCHAs to dodge email security scanners
  • FBI Launches Virtual Assets Unit

Copyright © TheCyberSecurity.News, All Rights Reserved.