Cisco Email Security Appliances running AsyncOS are vulnerable to a devastating attack for which a hacker only needs to send one cleverly crafted email. A patch is available.

Cisco warns of a bug where a single email can take security devices offline and keep them there. Email security systems running on AsyncOS are vulnerable. This applies to all Cisco Email Security Appliance (ESA) devices. If you use such systems, it is best to update them immediately. Without the update, hackers can take down the devices almost permanently with a single rogue email.

DDoS with one mail

The problem lies in the checking of Secure/Multipurpose Internet Mail Extensions (S/MIME). S/MIME allows users to digitally sign and encrypt an email. When an email deliberately carries a malicious S/MIME signature, the ESA chokes on it.

The process responsible for filtering mail crashes and then restarts automatically. After the restart, the ESA tries to process the same email again, which results in a new crash. It remains in that cycle until someone notices the problem and reconfigures the device manually. In essence, therefore, a hacker can achieve the effect of a DDoS attack with a single, cleverly crafted email.

Update

According to Cisco, the bug is not yet being exploited in the wild, but the network specialist asks everyone to install the relevant patch as soon as possible. After all, apart from patching, there is no remedy for the problem. Cisco itself considers the bug (CVE-2018-15453) to be critical. As always, it is a good idea to install security patches as quickly as possible, and given the seriousness of the problem, that is now more true than ever.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.