Cisco fixed a series of security holes in its products including two vulnerabilities, one of which is critical, that open its email security appliances to denial of service (DoS) attacks.
Both vulnerabilities affect the Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and can be exploited remotely by unauthenticated attackers.
CVE-2018-15453 can be exploited by sending a malicious S/MIME-signed email through a targeted device.
“If decryption and verification or public key harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again,” the company said in an advisory.
“A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA,” officials said in the advisory.
Cisco released software updates that address this vulnerability; there are no workarounds.
The second vulnerability, CVE-2018-15460, can be exploited by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit can cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.
Cisco released software updates that address this vulnerability, and workarounds are also available.
There are two possible workarounds to address this vulnerability:
1. If Global URL Filtering is not needed, administrators can disable it by following these steps:
• On the ESA, navigate to Security Services > URL Filtering.
• Click on Edit Global Settings and set Use a URL whitelist to None. This disables the global whitelist.
• Commit the Changes.
2. If the URL Filtering feature is needed, the same level of filtering can be achieved by implementing a single whitelist per Content Filter, after disabling the Global URL Filtering, as described in step 1. Administrators can choose a specific URL Reputation range or set of URL Categories to apply the whitelist to via the Content Filter. The required steps are as follows:
• On the ESA, navigate to Mail Policies > Incoming Content Filters.
• [Optionally] Create a new Content Filter by clicking Add Filter.
• Click on the desired Content Filter > Add Action > URL Reputation > Select Custom Range.
• Input the desired range.
• [Alternatively] Add Action > URL Categories > Add desired Categories set.
• Choose the desired whitelist.
• Click OK > Submit.
• Commit the Changes.
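As an added example (not code from the article or from Cisco), the following Python script triages an inbound message for the two trigger conditions the advisories describe: an S/MIME signature (CVE-2018-15453) and an unusually large number of URLs (CVE-2018-15460). It can be run upstream of the ESA while patches are applied; the URL threshold, the function names and the sample messages are assumptions, since the advisories give no numbers.

```python
import re
from email import message_from_string
from email.message import Message

# Assumed threshold for this example only: the advisory gives no number.
URL_COUNT_THRESHOLD = 100
URL_RE = re.compile(r'''https?://[^\s<>"']+''', re.IGNORECASE)


def is_smime_signed(msg: Message) -> bool:
    """True for a clear-signed (multipart/signed with a PKCS#7 signature part)
    or opaque-signed (application/pkcs7-mime) S/MIME message."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        return proto in ("application/pkcs7-signature", "application/x-pkcs7-signature")
    return ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime")


def count_urls(msg: Message) -> int:
    """Count http(s) URLs across every text/* part of the message."""
    total = 0
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        total += len(URL_RE.findall(body.decode(charset, errors="replace")))
    return total


def triage(raw: str, threshold: int = URL_COUNT_THRESHOLD) -> dict:
    """Report the two conditions the advisories tie to the ESA filter crashes."""
    msg = message_from_string(raw)
    urls = count_urls(msg)
    return {"smime_signed": is_smime_signed(msg),
            "url_count": urls,
            "url_flood": urls >= threshold}


# Constructed samples (not real traffic): a URL-stuffed message and a
# clear-signed message with a placeholder signature body.
HEADERS = "From: a@example.test\nTo: b@example.test\nSubject: test\n"
SAMPLE_URL_FLOOD = HEADERS + "Content-Type: text/plain\n\n" + "\n".join(
    f"http://example.test/{i}" for i in range(150))
SAMPLE_SIGNED = (HEADERS + 'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
                 ' micalg=sha-256; boundary="b"\n\n--b\nContent-Type: text/plain\n\nhello\n'
                 '--b\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
                 'PLACEHOLDER\n--b--\n')
```

Messages flagged by `triage` can be held or routed around the ESA until the fixed AsyncOS release is installed; the script does not verify signatures, it only detects their presence.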