The Cyber Security News


Cisco patches bug that could break its email security service with a single message

February 17, 2022

Cisco has fixed a bug that could let attackers lock up its email security appliance with a single malicious email.

The bug, which has the ID CVE-2022-20653, affects Cisco’s Email Security Appliance (ESA), an email security gateway solution that detects and blocks email-borne malware, spam, and phishing attempts.

The problem lies in the AsyncOS operating system that the ESA uses, according to an advisory issued by the company this week.

The problem lies in the appliance’s use of DNS-based Authentication of Named Entities (DANE) for security. DANE takes advantage of the more secure DNSSEC protocol to provide added verification that a DNS record is legitimate. This makes it harder for malicious actors to spoof digital certificates or use person-in-the-middle attacks to misdirect DNS requests.

However, Cisco found that AsyncOS was unable to properly handle DNS name resolution, opening it up to exploitation by malicious inputs.

In this case, the malicious input would be an email and, if crafted correctly, could freeze the appliance’s management interface and stop it processing further email until it had recovered.

Cisco has classified the vulnerability, which has a CVSS score of 7.5, as a denial of service (DoS) bug.

“Continued attacks could lead to the product becoming entirely unavailable, resulting in a persistent DoS problem,” Cisco warned.

The DANE feature is not enabled by default, meaning that only those who have activated it will be affected. Those customers can install Cisco’s software updates to fix the problem.

In the meantime, customers can also configure bounce messages from the ESA instead of from downstream dependent email servers to stop attackers exploiting the bug, the company said.

The AsyncOS software saw two other documented vulnerabilities last year. CVE-2021-1566 was a bug in its Cisco Advanced Malware Protection for Endpoints integration, allowing the interception of remote traffic. The other, CVE-2021-1359, allowed attackers to gain root privileges.


Some parts of this article are sourced from:
www.itpro.co.uk
