Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager

Pierluigi Paganini June 16, 2022

Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager.

Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of a vulnerable device.

The vulnerability was discovered by IT giant during the resolution of a TAC support case.

The flaw could be easily exploited by entering a specific input on the login page of the affected device.

“A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.” reads the advisory published by Cisco. “This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”

Below are the impacted software releases:

Cisco AsyncOS ReleaseFirst Fixed Release
111 and earlierMigrate to fixed release.
12Migrate to fixed release.
12.8Migrate to fixed release.
13.013.0.0-277
13.613.6.2-090
13.813.8.1-090
14.014.0.0-418
14.114.1.0-250

Email Security Appliance: CSCvy13453

Cisco AsyncOS ReleaseFirst Fixed Release
Earlier than 111Migrate to fixed release.
11Migrate to fixed release.
12Migrate to fixed release.
13Migrate to fixed release.
1414.0.1-033

The good news is that Cisco PSIRT is not aware of any attacks in the wild exploiting this flaw:

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco ESA)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment