An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails.
The researcher pointed out that the attack complexity is low, it also added that working exploits have already been published by a third party. The expert disclosed the technique within a coordinated disclosure procedure.
“This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame.” wrote the researcher on the Full Disclosure mailing list. “As the attack complexity is low and exploits have already been published by a third party there must be no further delay in making the threads publicly known.”
The researchers explained that Cisco Secure Email Gateways can be circumvented by a remote attacker that leverages error tolerance and different MIME decoding capabilities of email clients.
The methods disclosed by the researcher could allow attackers to bypass Cisco Secure Email Gateway, they work against several email clients, such as Outlook, Thunderbird, Mutt, and Vivaldi.
The three methods are:
Cisco published a bug report warning of an issue in the Sophos and McAfee scanning engines of Cisco Secure Email Gateway that could allow an unauthenticated, remote attacker to bypass specific filtering features.
“The issue is due to improper identification of potentially malicious emails or attachments. An attacker could exploit this issue by sending a malicious email with malformed Content-Type headers (MIME Type) through an affected device.” reads the alert. “An exploit could allow the attacker to bypass default anti-malware filtering features based on the affected scanning engines and successfully deliver malicious messages to the end clients.”
The issues impact devices running with a default configuration.
The researcher explained that the code employing the attack methods, and many similar techniques to manipulate MIME encoding, are implemented in an open-source Toolkit for generating and testing bad MIME that is available on GitHub.
known for many years and have been found in the products of several vendors.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Cisco Secure Email Gateways)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.