The Cyber Security News
Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication

June 16, 2022

Cisco on Wednesday rolled out fixes for a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to bypass authentication.

Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication.


"An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device," Cisco noted in an advisory. "A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device."

The flaw, which Cisco said was discovered during the resolution of a Technical Assistance Center (TAC) case, affects ESA and Secure Email and Web Manager running vulnerable AsyncOS software versions 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x, and only when both of the following conditions are met:

  • The devices are configured to use external authentication, and
  • The devices use LDAP as the authentication protocol
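The two conditions above, together with the affected release lines, are enough to triage an appliance inventory for exposure. The following Python script is an added example for that purpose, not code from the article or from Cisco; the inventory entries, hostnames and the `Device` record layout are constructed for illustration. Note that the article lists the affected release lines but not the fixed builds, so the script only places a device in an affected line when both conditions hold; the exact fixed AsyncOS build must be confirmed against Cisco's advisory before a device is marked patched.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Highest major AsyncOS release line the article lists as affected by
# CVE-2022-20798 (11 and earlier, 12.x, 13.x, 14.x). The article gives no
# fixed build numbers, so this is a release-line check, not a patch check.
AFFECTED_MAX_MAJOR = 14


@dataclass
class Device:
    """One inventory record (constructed layout, not a Cisco export format)."""
    hostname: str
    asyncos_version: str          # e.g. "14.0.0-698" or "13.5.1"
    external_auth: bool           # external authentication enabled on the device
    auth_protocol: Optional[str]  # e.g. "LDAP", "RADIUS", or None when not set


def parse_asyncos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH-BUILD' into a comparable tuple of ints.

    Missing trailing components are treated as 0, so "11" and "11.0.0-0"
    compare equal. Anything that does not look like a version raises
    ValueError rather than being silently treated as safe.
    """
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-(\d+))?\s*", version)
    if not m:
        raise ValueError(f"unrecognised AsyncOS version string: {version!r}")
    major, minor, patch, build = (int(g) if g is not None else 0 for g in m.groups())
    return (major, minor, patch, build)


def is_exposed(dev: Device) -> bool:
    """True when the device matches every condition the advisory summary lists:
    an affected AsyncOS release line, external authentication enabled, and
    LDAP as the external authentication protocol."""
    major = parse_asyncos_version(dev.asyncos_version)[0]
    in_affected_line = major <= AFFECTED_MAX_MAJOR
    uses_ldap = dev.external_auth and (dev.auth_protocol or "").strip().upper() == "LDAP"
    return in_affected_line and uses_ldap


def triage(inventory: Iterable[Device]) -> List[str]:
    """Return the sorted hostnames of devices that meet all exposure conditions."""
    return sorted(d.hostname for d in inventory if is_exposed(d))


# Constructed sample inventory; none of these hosts are real.
SAMPLE_INVENTORY = [
    Device("esa-1.example.test", "14.0.0-698", True, "LDAP"),    # affected line + LDAP
    Device("esa-2.example.test", "13.5.1-277", True, "RADIUS"),  # external auth, not LDAP
    Device("sma-1.example.test", "12.8.1-002", False, "LDAP"),   # LDAP configured but external auth off
    Device("esa-3.example.test", "11.0.3", True, "ldap"),        # case-insensitive protocol match
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("exposed:", host)
```

Devices whose external authentication uses a protocol other than LDAP, or that have external authentication disabled, are not flagged, matching the article's statement that both conditions must hold. Feed the script a real inventory by building `Device` records from whatever export your management tooling provides.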

Separately, Cisco also notified customers of another critical flaw affecting its Small Business RV110W, RV130, RV130W, and RV215W routers that could allow an unauthenticated, remote adversary to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

The bug, tracked as CVE-2022-20825 (CVSS score: 9.8), stems from insufficient validation of user input in incoming HTTP packets. However, Cisco said it plans to release neither software updates nor workarounds to address the flaw, because the products have reached end-of-life.

Some pieces of this post are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.