"Cisco's Email Security Appliances at Risk of DoS Attacks"

Cisco Email Security Appliance (ESA) devices are impacted by a vulnerability that could allow Denial-of-Service (DoS) attacks. Although Cisco's product security incident response team has not seen the vulnerability being actively exploited, the company and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) urge that the patches released to address it be applied immediately. The vulnerability, tracked as CVE-2022-20653, stems from the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco's AsyncOS software used in Cisco ESA. According to Cisco, the vulnerability exists because of insufficient error handling in DNS name resolution. To exploit the vulnerability, the attacker needs to send a specially crafted email to be processed by an impacted device. The attacker can then make the device unreachable from management interfaces and block the processing of additional email messages until the device recovers, resulting in a DoS condition. Continued attacks could make the device completely unavailable in a persistent DoS condition. Cisco's advisory says the vulnerability affects all Cisco ESA devices running a vulnerable version of Cisco AsyncOS software with the DANE feature enabled and the downstream mail servers configured to send bounce messages. This article continues to discuss the root cause, potential exploitation, and impact of CVE-2022-20653, as well as the fixes released for the vulnerability and the importance of patch management.

BankInfoSecurity reports "Cisco's Email Security Appliances at Risk of DoS Attacks"

 
