Cisco had informed its customers that its Email Security Appliance (ESA) product is affected by a high-severity Dos vulnerability that can be exploited using specially crafted emails.
The flaw, tracked as CVE-2022-20653, affects the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA that can be exploited remotely
An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition.
The vulnerability is critical but only impact the devices that has the DANE feature enabled and downstream mail servers configured to send bounce messages. Cisco noted that the DANE feature is not enabled by default. Patches and workarounds have been made available, and Cisco has advised customers to deploy them to prevent potential exploitation.
Cisco also said that this vulnerability is not exploited in wild and not heard of any malicious activities