Apr 18, 2024
Cisco Fixed Critical Authentication Bypass Vulnerability Affecting Some Products
Cisco fixed a vulnerability discovered in the external authentication functionality of Secure Email and Web Manager. The vulnerability could allow threat actors to bypass authentication and log on to the web. The vulnerability tracked as CVE-2022-20798 has a 9.8 CVSS score.
How Does the Vulnerability Affect?
When a critically vulnerable device uses LDAP (Lightweight Directory Access Protocol) for external authentication, it performs insufficient authentication checks, creating a favorable condition for potential attacks.
Attackers can exploit the vulnerability with a specially crafted entry on the login screens of affected devices. After a successful exploit, they can gain access to the device’s web-based management interface.
Which Products Are Affected?
The vulnerability, code CVE-2022-20798, affects 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x versions of Cisco ESA and Cisco Secure Email and Web Manager products running a vulnerable version of Cisco AsyncOS. Cisco underlines two conditions for the vulnerability to be exploited.
- Devices are configured to use external authentication.
- Devices using LDAP as the authentication protocol.
Cisco adds that external authentication is turned off in the default settings, and customers who turn on this setting are vulnerable to vulnerability.
Cisco Released Workaround and Patch
Cisco stated there is no evidence of any exploit so far, and released both the workaround and the patches. The company recommends disabling anonymous connections on the server with external authentication as a workaround. Although this solution did well in testing, it is strongly recommended that customers apply the latest security updates.
The patched products and versions are as follows:
Secure Email and Web Manager
|
Cisco AsyncOS Release |
Fixed Release |
|
11 and earlier |
Recommended to upgrade to a patched version. |
|
12 |
Recommended to upgrade to a patched version. |
|
12.8 |
Recommended to upgrade to a patched version. |
|
13.0 |
13.0.0-277 |
|
13.6 |
13.6.2-090 |
|
13.8 |
13.8.1-090 |
|
14.0 |
14.0.0-418 |
|
14.1 |
14.1.0-250 |
Email Security Appliance
|
Cisco AsyncOS Release |
Fixed Release |
|
11 and earlier |
Recommended to upgrade to a patched version. |
|
11 |
Recommended to upgrade to a patched version. |
|
12 |
Recommended to upgrade to a patched version. |
|
13 |
Recommended to upgrade to a patched version. |
|
14 |
14.0.1-033 |
Use SOCRadar® FOR FREE 1 YEAR
With SOCRadar® Free Edition, you’ll be able to:
- Prevent Ransomware attacks with Free External Attack Surface Management
- Get Instant alerts for fraudulent domains against phishing and BEC attacks
- Monitor Deep Web and Dark Net for threat trends
- Get vulnerability intelligence when a critical zero-day is disclosed
- Get IOC search & APT tracking & threat hunting in one place
- Get notified with data breach detection
Free for 12 months for one corporate domain and 100 auto-discovered digital assets.
Get Free Access.
Related Articles
Subscribe to our newsletter and stay updated on the latest insights!
