Cisco Email Security Appliance Vulnerable To a “Continuous” Denial-of-Service Loop

Cisco has recently patched a number of security vulnerabilities across its product line. While most of them were rated medium severity, one was rated critical. This critical flaw existed in the Cisco Email Security Appliance. As explained by Cisco, exploiting this bug could trigger a continuous DoS state.

Critical Vulnerability Patched In Cisco Email Security Appliance

Cisco has patched a critical security flaw in the Cisco Email Security Appliance (ESA). Exploiting the bug could reportedly trigger a permanent denial-of-service loop.

The vulnerability existed in Cisco AsyncOS, the software that runs on the Cisco ESA. Specifically, it affected the software's S/MIME feature and could be exploited remotely. The attacker merely had to send a malicious email to the target device. The target device would eventually crash into a permanent DoS state after repeated attempts to process the malicious S/MIME-signed email.

As stated in Cisco’s security advisory,

“The vulnerability is due to improper input validation of S/MIME-signed emails… If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition.”

Cisco has rated this ESA memory corruption DoS vulnerability (CVE-2018-15453) as critical, with a CVSS base score of 8.6.

At present, Cisco has confirmed that no workarounds exist to mitigate the flaw. Users must therefore update their systems as soon as possible to protect themselves.

Another High-Severity Vulnerability Threatened Cisco ESA

Apart from the critical vulnerability discussed above, the Cisco ESA was also affected by a high-severity vulnerability. This flaw also existed in the Cisco AsyncOS software. Exploiting it could allow an attacker to increase the target machine's memory usage, leading to a DoS state.

Explaining the flaw in its advisory, Cisco stated,

“The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.”

This Cisco ESA URL Filtering DoS vulnerability (CVE-2018-15460) has also received a CVSS base score of 8.6 with a high severity rating.

To mitigate this vulnerability, Cisco has described two workarounds. The first is to disable Global URL Filtering if the feature is not required. The second is to disable Global URL Filtering and then implement a single whitelist per Content Filter.

Fortunately, Cisco patched both bugs before any exploitation in the wild. Users of the Cisco Email Security Appliance should update their systems to the patched versions.

Apart from the above two flaws, Cisco has also patched 16 other vulnerabilities that threatened different Cisco products. However, none of these were as damaging, and all received only a medium severity rating.
