Pierluigi Paganini
June 16, 2022
Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of a vulnerable device.
The vulnerability was discovered by IT giant during the resolution of a TAC support case.
The flaw could be easily exploited by entering a specific input on the login page of the affected device.
“A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.” reads the advisory published by Cisco. “This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”
Below are the impacted software releases:
| Cisco AsyncOS Release | First Fixed Release |
|---|---|
| 111 and earlier | Migrate to fixed release. |
| 12 | Migrate to fixed release. |
| 12.8 | Migrate to fixed release. |
| 13.0 | 13.0.0-277 |
| 13.6 | 13.6.2-090 |
| 13.8 | 13.8.1-090 |
| 14.0 | 14.0.0-418 |
| 14.1 | 14.1.0-250 |
Email Security Appliance: CSCvy13453
| Cisco AsyncOS Release | First Fixed Release |
|---|---|
| Earlier than 111 | Migrate to fixed release. |
| 11 | Migrate to fixed release. |
| 12 | Migrate to fixed release. |
| 13 | Migrate to fixed release. |
| 14 | 14.0.1-033 |
The good news is that Cisco PSIRT is not aware of any attacks in the wild exploiting this flaw:
Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.
Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)
To nominate, please visit:
https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Cisco ESA)
[adrotate banner=”5″]
[adrotate banner=”13″]
