March 29, 2023

Cisco had informed  its customers that its Email Security Appliance (ESA) product is affected by a high-severity Dos vulnerability that can be exploited using specially crafted emails.

The flaw, tracked as CVE-2022-20653, affects the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA that can be exploited remotely

Advertisements

An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition.

The vulnerability is critical but only impact the devices that has the DANE feature enabled and downstream mail servers configured to send bounce messages. Cisco noted that the DANE feature is not enabled by default.  Patches and workarounds have been made available, and Cisco has advised customers to deploy them to prevent potential exploitation.

Cisco also said that this vulnerability is not exploited in wild and not heard of any malicious activities

Tags:

Leave a Reply

You may have missed

Apple Backports ZeroDay Patches for older devices

Apple Backports ZeroDay Patches for older devices

March 28, 2023
Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
%d bloggers like this: