U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Specially crafted emails could crash Cisco ESA devices

Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. A remote, unauthenticated attacker […]

Cisco Catalyst

Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails.

Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA.

A remote, unauthenticated attacker can trigger the flaw by sending specially crafted emails to vulnerable devices.

The flaw is caused by insufficient error handling in DNS name resolution, the advisory pointed out that continued attacks could trigger a persistent DoS condition.

“This vulnerability is due to insufficient error handling in DNS name resolution by the affected software. An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition.” reads the advisory published by Cisco. “Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition.”

The issue only impacts Cisco ESA products running AsyncOS Software with the DANE feature (which is disabled by default) enabled and with the downstream mail servers configured to send bounce messages.

“To determine whether DANE is configured, check the web UI page Mail Policies > Destination Controls > Add Destination and verify whether the DANE Support option is enabled.” continues the advisory.

The company released security patches (Cisco AsyncOS Software Release 13.5.4.102) and also workarounds to address the vulnerability. In order to prevent the exploitation of this bug, customers may configure bounce messages from Cisco ESA instead of from downstream dependent mail servers.

The following table reports appropriate fixed software releases that fix this issue:

Cisco AsyncOS Software ReleaseFirst Fixed Release
12.5 and earlierMigrate to a fixed release.
13.013.0.3
13.513.5.4.1021
14.014.0.2.020

The vulnerability was reported by Cesare Auteri, Steven Geerts, John-Paul Straver, and Roy Wiss of Rijksoverheid Dienst ICT Uitvoering (DICTU).

The good news is that Cisco PSIRT is not aware of attacks exploiting this issue in the wild.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISCO ESA)

[adrotate banner=”5″]

[adrotate banner=”13″]