Cisco has released security updates to address a number of vulnerabilities affecting its products, including a single high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device.
The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from insufficient error handling in DNS name resolution that could be abused by an unauthenticated, remote attacker to send a specially crafted email message and trigger a DoS.
“A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition,” the company said in an advisory. “Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition.”
The flaw affects Cisco ESA devices running Cisco AsyncOS Software versions 14.0, 13.5, 13.0, 12.5 and earlier that have the “DANE feature enabled and with the downstream mail servers configured to send bounce messages.” DANE is short for DNS-based Authentication of Named Entities, which is used for outbound mail validation.
Cisco credited researchers from ICT services provider Rijksoverheid Dienst ICT Uitvoering (DICTU) for reporting the vulnerability, while noting that it has not found any evidence of malicious exploitation.
Separately, the networking equipment maker also addressed two other flaws in its Prime Infrastructure and Evolved Programmable Network Manager and Redundancy Configuration Manager that could enable an adversary to execute arbitrary code and cause a DoS condition:
- CVE-2022-20659 (CVSS score: 6.1) – Cisco Prime Infrastructure and Evolved Programmable Network Manager cross-site scripting (XSS) vulnerability
- CVE-2022-20750 (CVSS score: 5.3) – Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP denial-of-service (DoS) vulnerability
The fixes also come months after Cisco published patches for multiple critical security vulnerabilities affecting its RV Series routers, some of which received the maximum possible CVSS severity score of 10, that could be weaponized to elevate privileges and execute arbitrary code on affected devices.