CRITICAL THREAT ADVISORY
Cisco addressed a critical vulnerability that affected the Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The issue was due to improper authentication checks on devices using Lightweight Directory Access Protocol (LDAP) for external authentication.
Hello,
Cisco addressed a critical vulnerability that affected the Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The vulnerability could allow attackers to bypass authentication and log in to the Cisco web management portal. According to Cisco, a patch for the vulnerability has already been released.
The vulnerability was assigned CVE-2022-20798 and a CVSS score of 9.8. The issue is due to improper authentication checks on devices using Lightweight Directory Access Protocol (LDAP) for external authentication. According to Cisco, an attacker can exploit this vulnerability by entering a specific input on the login page of the affected device, and could then access the web management portal. The vulnerability affects ESA and Secure Email and Web Manager appliances running vulnerable AsyncOS software versions 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x that meet both of the following conditions:
- The devices are configured to use external authentication
- The devices use LDAP as the authentication protocol
To verify whether external authentication is enabled on your appliance, log in to the web-based management interface, go to System Administration > Users, and look for a green check box next to “Enable External Authentication.” The vulnerability does not affect the Cisco Secure Web Appliance product or Cisco Web Security Appliance (WSA).
Accorian recommends applying the patches as soon as possible. Admins who cannot immediately install the CVE-2022-20798 security updates can apply a workaround that requires disabling anonymous binds on the external authentication server.
Threat Advisory Team
Accorian