Critical Flaw in Cisco Secure Email and Web Manager Allows Attackers to Bypass Authentication
Cisco on Wednesday rolled out patches to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated remote attacker to bypass authentication.
Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS rating system and stems from incorrect authentication checks when an affected device uses the Lightweight Directory Access Protocol (LDAP) for external authentication.
“An attacker could exploit this vulnerability by entering a specific entry on the affected device’s login page,” Cisco noted in an advisory. “A successful exploit could allow the attacker to gain unauthorized access to the affected device’s web management interface.”
The flaw, which Cisco says was identified during a Technical Assistance Center (TAC) case resolution, affects ESA and Secure Email and Web Manager running vulnerable versions of AsyncOS software (11 and earlier, 12, 12.x, 13, 13.x, 14 and 14.x), and only when both of the following conditions are met:
- Devices are configured to use external authentication, and
- Devices use LDAP as the authentication protocol
Separately, Cisco also notified customers of another critical flaw affecting its Small Business RV110W, RV130, RV130W, and RV215W routers that could allow an unauthenticated remote adversary to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service.
The bug, tracked as CVE-2022-20825 (CVSS score: 9.8), stems from insufficient validation of user input in incoming HTTP packets. However, Cisco said it does not plan to release software updates or workarounds to address the flaw, as the affected products have reached end of life.