Networking giant Cisco has issued warnings about potential vulnerabilities in its email security appliance and Web security appliances.
The company did issue a patch for one appliance, hours after Microsoft delivered its monthly Patch Tuesday update, which is sure to add to the workload of IT management teams.
The first vulnerability concerns the DNS resolution function of the Cisco Web Security Appliance (WSA). This flaw could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to DNS name resolution failing through the device.
A patch is available to fix this flaw.
The second vulnerability is a bit more problematic, as Cisco says there are currently no available software updates.
This flaw has to do with the Cisco Email Security Appliance (ESA), which apparently “contains a vulnerability that could allow an unauthenticated, remote attacker to impact the integrity and availability of services and data on the affected device. The impact includes a partial denial of service (DoS). In addition, the attacker could override part of the memory of the affected device.”
Cisco blamed this flaw on an improper validation of string input in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. As there are no fixes as of yet, the company advises administrators to contact Cisco directly, and also to consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
The third vulnerability also has no software updates to tackle it. This flaw is located in the web interface of the Cisco Web Security Appliance (WSA). It could potentially allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to memory management failures during processing of TCP connections.
“The vulnerability is due to the improper handling of a malformed HTTP server responses,” said Cisco. “An unauthenticated, remote attacker with a privileged network position could exploit the vulnerability by conducting a man-in-the-middle (MitM) attack and supplying malformed HTTP server responses to the vulnerable device.”
A successful exploit could allow the attacker to cause the device to improperly close TCP connections and fail to free memory resources, resulting in a partial DoS condition.
Again, Cisco said that administrators should consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems. It also said that physical security measures should be implemented for production servers.
Earlier in the summer, Cisco released a patch for three of its virtual appliances after it was discovered they contain default, authorised SSH keys that could allow an attacker virtually complete access to compromised systems.
That vulnerability affected all of Cisco’s Web Security Virtual Appliances (WSAv), Email Security Virtual Appliances (ESAv), and Content Security Management Virtual Appliances (SMav), and was found by Cisco during internal tests.
Take our hacking and viruses quiz here!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…