Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager

On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet that are running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. The ongoing investigation has revealed evidence of a persistence mechanism implanted by the threat actors to maintain a degree of control over compromised appliances. Cisco has remediated the vulnerability that was exploited by the threat actors as part of the cyberattack campaign. For more information about this vulnerability, see the Details section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco strongly recommends that customers follow the guidance provided in the Recommendations section of this advisory to assess exposure and mitigate risks. Cisco Talos wrote about these attacks in the blog post UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4