Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability

cisco-sa-esa-dos-MxZvGtgU · High · Published · Updated

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling in DNS name resolution by the affected software. An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device. A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU

Cisco advisory ·CSAF JSON

Workarounds

Customers may configure bounce messages from Cisco ESA instead of from downstream dependent mail servers to prevent exploitation of this vulnerability.

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2022-20653
Cisco Bug IDsCSCvy63674
CVSS ScoreBase 7.5
Base 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Secure Email

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Secure Email known_affected cisco_csaf CVE-2022-20653 1

Related Products

Product CVE Evidence
Cisco Secure Email CVE-2022-20653 Cisco OpenVuln