cisco-sa-sma-esa-auth-bypass-66kEcxQD: Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability
First published: Wed Jun 15 2022(Updated: )
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS | =14.1<14.1.0-250=14.0<14.0.0-418=13.8<13.8.1-090=13.6<13.6.2-090>=11 and earlier=12=12.8<=13.0<13.0.0-277 | 14.1.0-250 14.0.0-418 13.8.1-090 13.6.2-090 13.0.0-277 |
| Cisco AsyncOS | =14<14.0.1-033<11=11=12<=13<13.0.5-001 | 14.0.1-033 13.0.5-001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is cisco-sa-sma-esa-auth-bypass-66kEcxQD.
What is the severity level of this vulnerability?
The severity level of this vulnerability is critical.
What is the affected software?
The affected software is Cisco Secure Email and Web Manager (SMA) and Cisco Email Security Appliance (ESA).
How does the vulnerability allow an attacker to bypass authentication?
The vulnerability in the external authentication functionality allows an unauthenticated, remote attacker to bypass authentication and log in to the web management interface.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to upgrade to a version of Cisco AsyncOS that includes the necessary security patches.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/remedy
- agent/title
- agent/author
- agent/description
- agent/event
- agent/tags
- vendor/cisco
- canonical/cisco asyncos
- version/cisco asyncos/14.1
- version/cisco asyncos/14.0
- version/cisco asyncos/13.8
- version/cisco asyncos/13.6
- version/cisco asyncos/11 and earlier
- version/cisco asyncos/12
- version/cisco asyncos/12.8
- version/cisco asyncos/13.0
- version/cisco asyncos/14
- version/cisco asyncos/11
- version/cisco asyncos/13