On Wednesday, Cisco released patches for Email Security Appliance (ESA) and Secure Email and Web Manager to address a significant security hole that might allow an unauthenticated, remote attacker to bypass authentication.
The bypass vulnerability, assigned the CVE identifier CVE-2022-20798, carries a score of 9.8 out of 10 on the CVSS scoring system. It stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication.
“An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device,” Cisco disclosed in an advisory. “A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”
The vulnerability, which Cisco said was discovered during the handling of a Technical Assistance Center (TAC) case, affects ESA and Secure Email and Web Manager devices running vulnerable AsyncOS software versions 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x, when both of the following criteria are met:
- The devices are configured to use external authentication, and
- The devices use LDAP as an authentication protocol
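The advisory says only that the authentication checks are improper when logins are delegated to LDAP; it does not describe the root cause, and the example below does not attempt to reconstruct it. Instead, as an added illustration (not Cisco's code and not a description of CVE-2022-20798's mechanism), it shows the generic checks a web login that delegates to an LDAP directory should perform before treating a bind as proof of identity: rejecting blank credentials before they reach the directory (an empty password is an anonymous bind under RFC 4513 section 5.1.2, which succeeds without authenticating anyone), escaping the username before embedding it in a search filter (RFC 4515), and requiring exactly one matching entry. A constructed naive version sits beside the hardened one for contrast. The `FakeDirectory`, its entries and passwords are constructed stand-ins so the code runs offline.

```python
"""Hardening checks for a login page that delegates authentication to LDAP.

Added illustration, not Cisco's code and not a description of the root cause
of CVE-2022-20798: it shows the checks a web login should perform before it
treats a directory bind as proof of identity. The directory is a constructed
in-memory stand-in so the example runs offline.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# RFC 4515 escaping for values embedded in a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before placing it in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass
class FakeDirectory:
    """Constructed stand-in for an LDAP server: DN -> (uid, password)."""
    entries: Dict[str, Tuple[str, str]]

    def search(self, filter_str: str) -> List[str]:
        """Resolve a filter of the form (uid=VALUE) to matching DNs.

        Only the subset of filter syntax the two login functions use is
        modelled: a bare '*' is a presence filter matching every entry;
        otherwise the value is compared (in escaped form) against each uid.
        """
        assert filter_str.startswith("(uid=") and filter_str.endswith(")")
        value = filter_str[len("(uid="):-1]
        if value == "*":
            return list(self.entries)
        return [dn for dn, (uid, _) in self.entries.items()
                if escape_filter_value(uid) == value]

    def bind(self, dn: Optional[str], password: str) -> bool:
        """Simple bind. Per RFC 4513 5.1.2, an empty password is an anonymous
        bind and succeeds regardless of the DN supplied."""
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and entry[1] == password


def naive_authenticate(directory: FakeDirectory, username: str, password: str) -> bool:
    """Constructed naive login for contrast: interpolates the username straight
    into the filter, takes the first hit, and trusts whatever bind() returns."""
    matches = directory.search(f"(uid={username})")
    if not matches:
        return False
    return directory.bind(matches[0], password)


def authenticate(directory: FakeDirectory, username: str, password: str) -> Tuple[bool, str]:
    """Hardened login. Returns (accepted, reason) so the reason can be logged."""
    # 1. Never forward empty or blank credentials: an empty password would turn
    #    the bind into an anonymous bind, which 'succeeds' without authenticating.
    if not username.strip() or not password.strip():
        return False, "empty credentials rejected before contacting directory"
    # 2. Escape the username so it is compared as a literal, not as filter syntax.
    matches = directory.search(f"(uid={escape_filter_value(username)})")
    # 3. Require exactly one entry; zero or many means the identity is ambiguous.
    if len(matches) != 1:
        return False, f"expected one directory entry, found {len(matches)}"
    # 4. Only a successful bind as that specific DN proves the password.
    if not directory.bind(matches[0], password):
        return False, "bind failed"
    return True, "ok"


def build_sample_directory() -> FakeDirectory:
    """Constructed sample data for running the example offline."""
    return FakeDirectory({
        "uid=alice,ou=people,dc=example,dc=test": ("alice", "correct horse battery"),
        "uid=bob,ou=people,dc=example,dc=test": ("bob", "hunter2"),
    })


if __name__ == "__main__":
    d = build_sample_directory()
    for user, pw in [("alice", "correct horse battery"), ("alice", ""), ("*", "")]:
        print(f"{user!r}/{pw!r}: naive={naive_authenticate(d, user, pw)} "
              f"hardened={authenticate(d, user, pw)}")
```

The design point is that the application, not the directory, owns the decision to refuse blank credentials and ambiguous lookups: a real LDAP server will happily report success for an anonymous bind, so a login that merely forwards whatever the form submitted and checks the bind result is relying on the directory to enforce a policy it was never asked to enforce. The `reason` string is returned rather than printed so that it can feed the appliance's authentication log, where a spike in "empty credentials rejected" or "found 0/2 entries" events is the kind of signal a detection team would want to alert on.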
Cisco also issued a security advisory for its Small Business RV110W, RV130, RV130W, and RV215W routers, warning of a flaw that could let an unauthenticated, remote attacker execute arbitrary code or force an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.
The vulnerability, tracked as CVE-2022-20825 (CVSS score of 9.8), stems from insufficient validation of user input in inbound HTTP packets. Cisco stated, however, that it will not release software updates or workarounds to fix the problem because the products have reached their end of life.