U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CVE-2016-6406 – CISCO reported a critical flaw in email security appliances (ESA)

Cisco issued a security advisory about a vulnerability, tracked as CVE-2016-6406, affecting the Email Security Appliance Internal Testing Interface. Cisco Systems reported the existence a vulnerability (CVE-2016-6406) in the email security appliances that could be exploited by a remote unauthenticated attacker to gain complete control of the security solution. The vulnerability is related the Cisco IronPort AsyncOS […]

cisco esa

Cisco issued a security advisory about a vulnerability, tracked as CVE-2016-6406, affecting the Email Security Appliance Internal Testing Interface.

Cisco Systems reported the existence a vulnerability (CVE-2016-6406) in the email security appliances that could be exploited by a remote unauthenticated attacker to gain complete control of the security solution.

The vulnerability is related the Cisco IronPort AsyncOS operating system for which the company issued a security bulletin last week. On Wednesday the company provided a software update that fixes the security issue and further information about it.

The flaw is tied to an internal testing and debugging interface implemented by CISCO that is accessible on the IronPort AsyncOS operating system.

“A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases.” reads the security advisory issued by CISCO.

“An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges,” 

cisco-esa

According to CISCO, the Cisco Email Security Appliances (ESA) physical and virtual devices running any of the following software releases are affected by the CVE-2016-6406 vulnerability:

  • 9.1.2-023
  • 9.1.2-028
  • 9.1.2-036
  • 9.7.2-046
  • 9.7.2-047
  • 9.7-2-054
  • 10.0.0-124
  • 10.0.0-125

CISCO explained that in order to determine whether a vulnerable version of Cisco AsyncOS Software is running on a Cisco ESA, it is possible to use the “version” command in the ESA command-line interface (CLI). The following example shows the results for a device running Cisco AsyncOS Software version 8.5.7-044:

Cisco also reported the existence of a workaround that could allow administrators to block the remote access to vulnerable email security appliances.

“The debugging and testing interface can be disabled by rebooting an affected device. In order to reboot an ESA device, issue the reboot command from the CLI. The interface will be permanently disabled and unavailable once the device has finished rebooting.” added CISCO.

[adrotate banner=”9″]

(Security Affairs – CISCO ESA, CVE-2016-6406)