Threat Advisory

Critical Flaw in Cisco Lets Attackers Bypass Authentication (002)

June 20, 2022 | By Accorian

CRITICAL THREAT ADVISORY

Cisco addressed a critical vulnerability which affected the Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The issue was due to improper authentication checks on devices using Lightweight Directory Access Protocol (LDAP) for external authentication.

Click on the link below and see how to verify if external authentication is enabled on your appliance.

Accorian regularly sends out email alerts for such threat advisories. If you too would like to receive these Threat Advisory Alerts via email, simply drop us an email at Threatadvisory@accorian.io  

Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD


Hello,

Cisco addressed a critical vulnerability that affected the Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The vulnerability could allow attackers to bypass authentication and log in to the Cisco web management portal. According to Cisco, a patch for the vulnerability has already been released.

The vulnerability was assigned CVE-2022-20798 and a CVSS score of 9.8. The issue is due to improper authentication checks on devices that use Lightweight Directory Access Protocol (LDAP) for external authentication. According to Cisco, an attacker can exploit this vulnerability by entering a specific input on the login page of the affected device and could then access the web management portal. The vulnerability affects ESA and Secure Email and Web Manager appliances running vulnerable AsyncOS software versions 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x that meet both of the following conditions:

  • The devices are configured to use external authentication
  • The devices use LDAP as the authentication protocol

To verify whether external authentication is enabled on your appliance, log in to the web-based management interface, go to System Administration > Users, and look for a green check box next to “Enable External Authentication.” The vulnerability does not affect the Cisco Secure Web Appliance product or Cisco Web Security Appliance (WSA).

Accorian recommends applying the patches as soon as possible. Admins who cannot immediately install the CVE-2022-20798 security updates can apply a workaround that requires disabling anonymous binds on the external authentication server.

Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD

Threat Advisory Team 

Accorian
