A critical vulnerability of Cisco Secure Email allows attackers to bypass authentication

image

This week, Cisco notified customers about the correction of a critical vulnerability that allows attackers to bypass authentication and enter the Cisco Mail Gateway device management web interface.

The vulnerability, tracked as CVE-2022-20798, was discovered in the external authentication functions of Cisco Email Security Appliance (ESA) virtual and hardware devices and Cisco Secure Email and Web Manager. CVE-2022-20798 is caused by incorrect authentication on vulnerable devices using Lightweight Directory Access Protocol ( LDAP) for external authentication.

“An attacker can exploit this vulnerability by entering a specific set of data on the target device’s login page,” Cisco explained. “Successful exploitation of the vulnerability allows an attacker to gain unauthorized access to the device’s web management interface.”

The newsletter published on Wednesday says that the vulnerability was discovered during the solution of a problem that arose in the Cisco Technical Support Center TAC (Technical Assistance Center). The Cisco Products Incident Response Team (PSIRT) stated that it is not aware of any publicly available exploits for this vulnerability or the use of CVE-2022-20798 in the wild.

According to Cisco, the external authentication feature is disabled by default, which means that only devices with a custom configuration will be affected. The company also claims that this vulnerability does not affect the Cisco Secure Web Appliance.

Administrators who cannot immediately install security updates CVE-2022-20798 can also apply a workaround – disable anonymous bindings on an external authentication server.

Recall that Cisco is finally leaving Russia. The company’s employees have been on paid leave for three months since March 2022 after the announcement of the suspension of activities in Russia.

Start a discussion …