Email bug lets attackers bypass Security

Cisco has notified customers of a security flaw (tracked as CVE-2022-20798) found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. Customers were asked this week to patch this critical vulnerability, which allows threat actors to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations. CVE-2022-20798 is due to improper authentication checks on affected devices using Lightweight Directory Access Protocol (LDAP) for external authentication. “An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device,” Cisco elaborated. “A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”

The bug was reportedly uncovered during the resolution of a Cisco TAC (Technical Assistance Center) support case. Cisco’s Product Security Incident Response Team (PSIRT) said it’s not aware of any publicly available exploits for this security bug or malicious use of the vulnerability in the wild. Furthermore, the bug only affects appliances configured to use external authentication and LDAP as the authentication protocol. According to the company, the external authentication feature is disabled by default, meaning only devices with non-default configurations are impacted. Cisco also says this vulnerability does not affect its Cisco Secure Web Appliance product, previously known as Cisco Web Security Appliance (WSA).

Yesterday, 15th June 2022, Cisco also announced it wouldn’t fix a critical zero-day bug affecting end-of-life RV110W, RV130, RV130W, and RV215W SMB routers, which allows attackers to execute arbitrary commands with root-level privileges.

Source: https://www.bleepingcomputer.com/news/security/cisco-secure-email-bug-can-let-attackers-bypass-authentication/
May 21st, 2024

ISO 27002:2022