Cisco has patched a high-severity bug that might allow remote attackers to use maliciously crafted email messages to crash Cisco Secure Email devices.
The vulnerability (CVE-2022-20653) lies in DNS-based Authentication of Named Entities (DANE), a component of the Cisco AsyncOS Software that Cisco Secure Email appliances use to examine email for spam, malware, phishing, and other threats. Security researchers from Rijksoverheid Dienst ICT Uitvoering (DICTU) discovered and reported the root cause to Cisco: insufficient error handling during DNS name resolution.
“An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device,” Cisco clarified. “A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS [Denial-of-Service] condition.”
To make matters worse, repeated attacks could leave the targeted devices completely unavailable, resulting in a persistent DoS condition. Cisco’s Product Security Incident Response Team (PSIRT) stated that, before the security advisory was published on Wednesday, it had found no evidence of malicious exploitation in the wild.
Although unauthenticated attackers can exploit the flaw remotely, Cisco notes that the vulnerable DANE email verification feature is disabled by default. Admins can check whether DANE is enabled by opening the Mail Policies > Destination Controls > Add Destination page in the web UI and verifying whether the DANE Support option is turned on.
According to Cisco, CVE-2022-20653 does not affect the Cisco Web Security Appliance (WSA), Cisco Secure Email and Web Manager, or Secure Email devices on which DANE is not enabled. Cisco also published a workaround for customers who cannot patch immediately: configure bounce messages on the Cisco ESA itself rather than on downstream dependent mail servers, which prevents exploitation attempts from reaching the vulnerable code path.