Cisco Secure Email bug can let attackers bypass authentication

Jun 16, 2022 | News


Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations.

The security flaw (tracked as CVE-2022-20798) was found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances.

CVE-2022-20798 is due to improper authentication checks on affected devices using Lightweight Directory Access Protocol (LDAP) for external authentication.

“An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device,” Cisco explained.

“A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”

An advisory published on Wednesday says the bug was discovered during the resolution of a Cisco TAC (Technical Assistance Center) support case.

Cisco’s Product Security Incident Response Team (PSIRT) said it’s not aware of any publicly available exploits for this security bug or malicious use of the vulnerability in the wild.

Doesn’t affect default configurations

This bug only affects appliances configured to use external authentication and LDAP as the authentication protocol.

Luckily, according to Cisco, the external authentication feature is disabled by default, meaning only devices with non-default configurations are impacted.

To check if external auth is enabled on your appliance, log into the web-based management interface, go to System Administration > Users, and look for a green check box next to “Enable External Authentication.”

Cisco also says this vulnerability does not affect its Cisco Secure Web Appliance product, previously known as Cisco Web Security Appliance (WSA).

Admins who cannot immediately install the CVE-2022-20798 security updates can apply a workaround instead: disable anonymous binds on the external authentication (LDAP) server.
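Before relying on that workaround it is worth confirming that the directory really refuses anonymous binds. The Python script below is an added example, not code from Cisco or from the article: it hand-encodes an LDAPv3 anonymous simple BindRequest (empty DN, empty password) as described in RFC 4511, sends it to a server, and decodes the BindResponse result code; result code 0 means the server accepted the anonymous bind and the workaround is not in effect. The host name, the helper names and the two sample responses are constructed for illustration, and the expectation that a hardened OpenLDAP server answers with resultCode 48 (inappropriateAuthentication) and the text "anonymous bind disallowed" is an assumption about typical server behaviour, not something the article states.

```python
"""Added audit helper: does an LDAP server accept an anonymous simple bind?

Encodes the LDAPv3 BindRequest/BindResponse BER structures from RFC 4511 by
hand so the check needs no third-party libraries. Host names, sample responses
and helper names are constructed for illustration.
"""
import socket

LDAP_SUCCESS = 0
# Result code a hardened OpenLDAP server returns for "disallow bind_anon"
# (assumption about typical server behaviour; other directories may differ).
LDAP_INAPPROPRIATE_AUTH = 48


def _ber_length(n: int) -> bytes:
    """BER definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_length(len(value)) + value


def build_anonymous_bind_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }.

    An empty DN with an empty simple password is what an anonymous bind looks
    like on the wire. message_id stays below 128 to fit a one-byte INTEGER.
    """
    if not 1 <= message_id <= 127:
        raise ValueError("message_id must be 1..127 for this minimal encoder")
    bind_request = (
        _tlv(0x02, b"\x03")  # version INTEGER 3
        + _tlv(0x04, b"")    # name LDAPDN: empty
        + _tlv(0x80, b"")    # authentication [0] simple: empty password
    )
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + _tlv(0x60, bind_request))


def _read_tlv(buf: bytes, pos: int):
    """Decode one BER element at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, message, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = _read_tlv(message, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, result, _ = _read_tlv(message, pos)
    if tag != 0x61:
        raise ValueError("protocolOp is not a BindResponse")
    tag, code, pos = _read_tlv(result, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode ENUMERATED")
    _, matched_dn, pos = _read_tlv(result, pos)
    _, diagnostic, _ = _read_tlv(result, pos)
    return {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": int.from_bytes(code, "big"),
        "matched_dn": matched_dn.decode("utf-8", "replace"),
        "diagnostic": diagnostic.decode("utf-8", "replace"),
    }


def anonymous_bind_allowed(response: dict) -> bool:
    """True when the directory accepted the anonymous bind (the weak setting)."""
    return response["result_code"] == LDAP_SUCCESS


def check_anonymous_bind(host: str, port: int = 389, timeout: float = 5.0) -> dict:
    """Send one anonymous bind to host:port and return the decoded response."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_anonymous_bind_request())
        data = sock.recv(4096)
    return parse_bind_response(data)


# Constructed sample responses so the decoder can be exercised offline.
SAMPLE_RESPONSE_ALLOWED = bytes.fromhex("300c02010161070a010004000400")  # resultCode 0
SAMPLE_RESPONSE_REFUSED = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(
    0x61,
    _tlv(0x0A, bytes([LDAP_INAPPROPRIATE_AUTH]))
    + _tlv(0x04, b"")
    + _tlv(0x04, b"anonymous bind disallowed"),
))

if __name__ == "__main__":
    for label, sample in (("allowed", SAMPLE_RESPONSE_ALLOWED), ("refused", SAMPLE_RESPONSE_REFUSED)):
        resp = parse_bind_response(sample)
        print(label, resp["result_code"], "anonymous bind allowed:", anonymous_bind_allowed(resp))
    # Against a real directory (assumed host name):
    # print(anonymous_bind_allowed(check_anonymous_bind("ldap.example.internal")))
```

Run it against the directory the ESA points at; a `True` from `anonymous_bind_allowed` means the server still honours anonymous binds and the workaround has not taken effect. The decoder only handles the fields the check needs (it ignores any trailing `referral` or `serverSaslCreds` elements), which is enough to read the result code of a simple bind.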

Another Secure Email gateway flaw patched in February could allow remote attackers to crash unpatched appliances using maliciously crafted email messages.

Today, Cisco also announced it wouldn’t fix a critical zero-day bug affecting end-of-life RV110W, RV130, RV130W, and RV215W SMB routers, allowing attackers to execute arbitrary commands with root-level privileges.

Source: bleepingcomputer.com