Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

cisco-sa-sma-esa-auth-bypass-66kEcxQD · Critical · Published 3 years ago · Updated 3 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 5 hours ago · NVD CVEs 8 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD

Cisco advisory ·CSAF JSON

Workarounds

There is a workaround that addresses this vulnerability. Administrators can disable the anonymous binds on the external authentication server.

Note: This action must be performed on the server that handles external authentication. Administrators should work with their networking teams to implement this workaround. The external authentication feature provided by the Cisco Secure devices should not be hindered by this workaround.

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEs	CVE-2022-20798
Cisco Bug IDs	CSCvx88026 , CSCvy13453
CVSS Score	Base 9.8 Base 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Products with public affected evidence

Product	CVE	Affected evidence
Cisco Secure Email and Web Manager	CVE-2022-20798	structured affected CSAF product_status
Cisco Secure Email	CVE-2022-20798	structured affected CSAF product_status