Jun 24, 2022

CVE-2022-20664: Cisco warns of security holes in its security appliances

Cisco warns of security holes in its security appliances (06/22)

Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

CVE-2022-20664 (06/15)

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials.
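The root cause named above is unsanitized input reaching an LDAP query. As an added example (not Cisco's code and not taken from the advisory), the Python below contrasts a filter built by plain string formatting with one whose value is escaped per RFC 4515; the `uid` attribute, the `objectClass=person` clause, all function names and the sample login values are assumptions constructed for illustration.

```python
# RFC 4515 section 3: inside a search-filter assertion value these
# characters must be written as a backslash plus two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value; char-by-char, so nothing is escaped twice."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(login: str) -> str:
    """Unsafe pattern: the login string is pasted into the filter as-is."""
    return f"(&(objectClass=person)(uid={login}))"


def safe_filter(login: str) -> str:
    """Hardened pattern: the login string can only ever be a literal value."""
    return f"(&(objectClass=person)(uid={escape_filter_value(login)}))"


def structure(ldap_filter: str) -> str:
    """Keep only unescaped parentheses and wildcards: the filter's shape."""
    return "".join(ch for ch in ldap_filter if ch in "()*")


if __name__ == "__main__":
    # Constructed sample inputs: a normal login and one with metacharacters.
    for login in ("alice", "j*)(x"):
        print(f"input   : {login!r}")
        print(f"  naive : {naive_filter(login)}  shape={structure(naive_filter(login))}")
        print(f"  safe  : {safe_filter(login)}  shape={structure(safe_filter(login))}")
```

If the shape of the filter changes with the input, the input is being parsed as filter syntax rather than as data; with escaping the shape stays constant for every login string.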

NIST (NVD) Base Score: N/A (NVD score not yet provided)

CNA (Cisco Systems, Inc.) Base Score: 7.7 HIGH

Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability (06/15)

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Products

    Vulnerable Products

This vulnerability affects Cisco Secure Email and Web Manager and Cisco Email Security Appliance (ESA), both virtual and hardware appliances, if all of the following conditions are met:

  • They are running a vulnerable release of Cisco AsyncOS Software.
  • They are configured to use external authentication.
  • They are using LDAP as an authentication protocol.

    Note: External authentication is disabled by default.

Determine whether external authentication is enabled:

  1. Log in to the web management interface of Cisco Secure Email and Web Manager or Cisco ESA.
  2. Navigate to System Administration > Users > External Authentication > Enable External Authentication.
  3. If the green check mark is present, external authentication is enabled.

For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.


