Cisco has fixed a bug that could let attackers lock up its email security appliance with a single malicious email.
The bug, tracked as CVE-2022-20653, affects Cisco's Email Security Appliance (ESA), an email security gateway that detects and blocks email-borne malware, spam, and phishing attempts.
The problem lies in the AsyncOS operating system that the ESA runs, according to an advisory issued by the company this week.
Specifically, it lies in the appliance's use of DNS-based Authentication of Named Entities (DANE) for security. DANE uses the more secure DNSSEC protocol to provide additional verification that a DNS record is legitimate. This makes it harder for malicious actors to spoof digital certificates or use person-in-the-middle attacks to misdirect DNS requests.
However, Cisco found that AsyncOS did not properly handle DNS name resolution, opening it up to exploitation by malicious inputs.
In this case, the malicious input would be an email which, if crafted correctly, could freeze the appliance's management interface and stop it processing further email until it had recovered.
Cisco has classified the vulnerability, which has a CVSS score of 7.5, as a denial of service (DoS) bug.
"Continued attacks could cause the product to become entirely unavailable, resulting in a persistent DoS problem," Cisco warned.
The DANE feature is not enabled by default, meaning that only customers who have activated it are affected. Those customers can install Cisco's software updates to fix the problem.
In the meantime, customers can also configure bounce messages to come from the ESA instead of from downstream dependent mail servers to stop attackers exploiting the bug, the company said.
AsyncOS saw two other documented vulnerabilities last year. CVE-2021-1566 was a bug in its Cisco Advanced Malware Protection for Endpoints integration that allowed the interception of remote traffic. The other, CVE-2021-1359, allowed attackers to gain root privileges.