Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device.

The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling in DNS name resolution that could be abused by an unauthenticated, remote attacker to send a specially crafted email message and cause a DoS.

“A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition,” the company said in an advisory. “Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition.”

The flaw impacts Cisco ESA devices running Cisco AsyncOS Software running versions 14.0, 13.5, 13.0, 12.5 and earlier and have the “DANE feature enabled and with the downstream mail servers configured to send bounce messages.” DANE is short for DNS-based Authentication of Named Entities, which is used for outbound mail validation.

Cisco credited researchers from ICT service provider Rijksoverheid Dienst ICT Uitvoering (DICTU) for reporting the vulnerability, Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *