Threat Advisory

Critical Flaw in Cisco Lets Attackers Bypass Authentication (002)

June 20, 2022 | By Accorian

CRITICAL THREAT ADVISORY

Cisco addressed a critical vulnerability which affected the Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The issue was due to improper authentication checks on devices using Lightweight Directory Access Protocol (LDAP) for external authentication.

Click on the link below and see how to verify if external authentication is enabled on your appliance.

Accorian regularly sends out email alerts for such threat advisories. If you too would like to receive these Threat Advisory Alerts via email, simply drop us an email at Threatadvisory@accorian.io  

Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD

Important: Please add us to your safe list so these critical emails don't get buried in your junk folder.

Hello,

Cisco addressed a critical vulnerability which affected the Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The vulnerability could allow attackers to bypass authentication and log in to the web management portal of an affected device. According to Cisco, a patch for the vulnerability has already been released.

The vulnerability was assigned CVE-2022-20798 and a CVSS score of 9.8. The issue is due to improper authentication checks on devices using Lightweight Directory Access Protocol (LDAP) for external authentication. According to Cisco, an attacker can exploit this vulnerability by entering a specific input on the login page of the affected device, and could then access the web management portal. The vulnerability affects ESA and Secure Email and Web Manager appliances running vulnerable AsyncOS software versions 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x that meet both of the following conditions:

  • The devices are configured to use external authentication
  • The devices use LDAP as the authentication protocol

To verify whether external authentication is enabled on your appliance, log into the web-based management interface, go to System Administration > Users, and look for a green check box next to “Enable External Authentication.” The vulnerability does not affect Cisco's Secure Web Appliance product or the Cisco Web Security Appliance (WSA).

Accorian recommends applying the patches as soon as possible. Admins who cannot immediately install the CVE-2022-20798 security updates can apply a workaround that requires disabling anonymous binds on the external authentication server.

Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD

Threat Advisory Team 

Accorian
