• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
attackers can crash cisco email security appliances by sending malicious

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

You are here: Home / General Cyber Security News / Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
February 18, 2022

Cisco has introduced security updates to comprise a few vulnerabilities influencing its merchandise, together with a single high-severity flaw in its Email Security Equipment (ESA) that could outcome in a denial-of-assistance (DoS) affliction on an affected system.

The weakness, assigned the identifier CVE-2022-20653 (CVSS rating: 7.5), stems from a scenario of insufficient mistake managing in DNS identify resolution that could be abused by an unauthenticated, distant attacker to send out a specially crafted email information and trigger a DoS.

Automatic GitHub Backups

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“A thriving exploit could allow for the attacker to trigger the gadget to become unreachable from management interfaces or to process supplemental email messages for a time period of time right up until the gadget recovers, ensuing in a DoS situation,” the corporation said in an advisory. “Ongoing attacks could cause the product to turn out to be entirely unavailable, ensuing in a persistent DoS problem.”

The flaw impacts Cisco ESA devices functioning Cisco AsyncOS Software running versions 14., 13.5, 13., 12.5 and previously and have the “DANE element enabled and with the downstream mail servers configured to send bounce messages.” DANE is brief for DNS-based mostly Authentication of Named Entities, which is utilized for outbound mail validation.

Cisco credited scientists from ICT services provider Rijksoverheid Dienst ICT Uitvoering (DICTU) for reporting the vulnerability, even though pointing out that it really is not uncovered any proof of destructive exploitation.

Separately, the networking devices maker also tackled two other flaws in its Primary Infrastructure and Advanced Programmable Network Supervisor and Redundancy Configuration Supervisor that could empower an adversary to execute arbitrary code and trigger a DoS situation –

Prevent Data Breaches

  • CVE-2022-20659 (CVSS score: 6.1) – Cisco Prime Infrastructure and Progressed Programmable Network Manager cross-web page scripting (XSS) vulnerability
  • CVE-2022-20750 (CVSS rating: 5.3) – Cisco Redundancy Configuration Manager for Cisco StarOS Computer software TCP denial-of-services (DoS) vulnerability

The fixes also occur months right after Cisco published patches for many critical security vulnerabilities impacting its RV Series routers , some of which gained the maximum doable CVSS severity score ratings of 10, that could be weaponized to elevate privileges and execute arbitrary code on impacted units.

Observed this post attention-grabbing? Stick to THN on Fb, Twitter  and LinkedIn to go through more exceptional information we put up.


Some parts of this report are sourced from:
thehackernews.com

Previous Post: «another critical rce discovered in adobe commerce and magento platforms Another Critical RCE Discovered in Adobe Commerce and Magento Platforms
Next Post: 4 Cloud Data Security Best Practices All Businesses Should Follow Today 4 cloud data security best practices all businesses should follow»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.