Cisco Secure Email gateways can be crashed using this simple bug

Flaw is triggered by insufficient error handling in the DNS name resolution


Cisco has discovered a flaw that allowed threat actors to crash its Secure Email platform, researchers have claimed.

The flaw, tracked as CVE-2022-20653, was found by security researchers from Rijksoverheid Dienst ICT Uitvoering (DICTU). It was discovered in DNS-based Authentication of Named Entities (DANE), a component of Cisco AsyncOS Software that Cisco Secure Email uses, perhaps ironically, to check for spam, phishing, malware, and other threats.

The flaw is triggered by insufficient error handling in the DNS name resolution.

Attacking via email


“An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device,” Cisco explained. “A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS [Denial-of-Service] condition.”

An attacker can abuse the flaw perpetually, creating a state of persistent denial of service (DoS) on the target endpoint.

Although the issue is severe, and the service should be updated to the newest version immediately, Cisco says it did not find evidence of the flaw being abused in the wild through viruses or malware.

The company says it has addressed the issue, and a patch is already available.


The company also added that the vulnerable DANE email verification feature is not turned on by default, but admins should still double-check their settings. These settings can be found by navigating to the Mail Policies > Destination Controls > Add Destination page in the web UI. There, admins should be able to confirm whether DANE Support is turned on or off.

Furthermore, Cisco confirmed that its Web Security Appliance (WSA) and Secure Email and Web Manager are not susceptible to the flaw, and neither are devices without the DANE feature turned on.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
