Cisco has discovered a flaw that allowed threat actors to crash its Secure Email platform, researchers have claimed.
The flaw, tracked as CVE-2022-20653, was found by security researchers from Rijksoverheid Dienst ICT Uitvoering (DICTU). It was discovered in DNS-based Authentication of Named Entities (DANE), a component of Cisco AsyncOS Software that Cisco Secure Email uses, perhaps ironically, to check for spam, phishing, malware, and other threats.
The flaw is triggered by insufficient error handling in the DNS name resolution.
Attacking via email
"An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device," Cisco explained. “A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS [Denial-of-Service] condition."
An attacker can abuse the flaw perpetually, creating a state of persistent denial of service (DoS) on the target endpoint.
Although the issue is severe, and the service should be updated to the newest version immediately, Cisco says it did not find evidence of the flaw being abused in the wild through viruses or malware.
The company says it has addressed the issue, and a patch is already available.
The company also added that the vulnerable DANE email verification feature is not turned on by default, but admins should still double-check their settings. These settings can be found by navigating to Mail Policies > Destination Controls > Add Destination web UI page. There, admins should be able to confirm if DANE Support is turned on or off.
Furthermore, Cisco confirmed that its Web Security Appliance (WSA) and Secure Email and Web Manager are not susceptible to the flaw, and neither are devices without the DANE feature turned on.
- You might also want to check out our list of the best firewalls right now
Via: BleepingComputer
