Cisco email security appliances can be used to send malicious emails

Email security vulnerability could enable malicious attacks, but has received patches

Cisco Email Security Appliance could be crashed. Malicious emails can be sent when the vulnerability is exploited.

Cisco's Email Security Appliances (ESAs) seem to have a dangerous flaw. Cisco recently released security updates to address three vulnerabilities affecting its products. One of the vulnerabilities is highly important, as it can lead to severe security breaches. The ESA flaw could reportedly result in a denial-of-service (DoS) condition on an affected device, and it could be exploited using specially crafted emails.[1]

This serious flaw could affect the DNS-based Authentication of Named Entities (DANE) email verification component and could even be exploited remotely without any form of authentication. After learning of the most recent vulnerabilities, which could lead to serious incidents, Cisco published a security advisory that makes several important points.

Cisco warns users that threat actors could exploit this flaw using emails. If an exploit were successful, the device would become unreachable and unavailable, resulting in a persistent DoS condition. However, it is important to point out that the flaw can only impact devices that have the DANE feature enabled, and Cisco itself notes that the DANE feature is not enabled by default.[2]

Cisco has already patched the resurfaced flaws

Cisco learned of the flaws thanks to researchers from the ICT service provider Rijksoverheid Dienst ICT Uitvoering (DICTU). They reported the flaws and added that no evidence of threat actors exploiting them had been spotted. However, there was more than one vulnerability: Prime Infrastructure and Evolved Programmable Network Manager, as well as Redundancy Configuration Manager, apparently also have some problems.

These flaws could enable an adversary to execute arbitrary code. In the case of Prime Infrastructure and Evolved Programmable Network Manager, the issue concerns cross-site scripting, and with Cisco Redundancy Configuration Manager, a StarOS Software TCP denial-of-service (DoS) vulnerability could arise. Only a week or so back, Cisco also had problems with its RV Series routers. However, those flaws were quickly patched.[3]

This is not the only recent news involving Cisco, though. Recently, news came out that the Apache Cassandra database software is potentially risky, as it could leave the door open for remote code execution attacks. The risk is rated 8.4 on the CVSS scale. The flaw stems from a failure to properly sanitize user-defined function (UDF) inputs. It matters because many companies use Apache Cassandra, Cisco included.[4]

Cisco is a prominent global company that could attract hackers' attention

Cisco is a United States-based technology company that is best known for its networking products. Cisco develops, manufactures, and sells networking hardware, telecoms equipment, and other IT services and products.[5] Cisco is a significant company that often becomes the target of criminal actors and hackers. Due to that, other businesses and users who have connections with Cisco are potential targets.

With corporate cyberattacks rising by 50% in the last year, security matters more than ever. Even more importantly, hackers and threat actors seem to target internet service providers (ISPs) and managed service providers (MSPs) quite often.

Last year, attacks on such companies rose at least 67%.[6] With this in mind, businesses and the users of their services alike need to take all precautionary measures to avoid becoming victims of vicious cybercrimes.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
