Cisco Email Gateway Appliance Users Should Apply Security Patch

Tech giant Cisco recently sent out a notification to its vast customer base urging them to apply a recently issued patch that addresses a critical security vulnerability. This vulnerability could allow an attacker to bypass the authentication process entirely and gain access to the web management interface of Cisco email gateway appliances with non-default configurations.

The flaw in question is being tracked as CVE-2022-20798 and is present in the external authentication routines of ESAs (Cisco’s Email Security Appliances) and Cisco Secure Email and Web Manager appliances, both virtual and hardware.

The company had this to say about the flaw:

“An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device.  A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.”

Oddly enough, this security flaw does not impact appliances with default configurations. That makes this one of the rare times where if an admin had not switched away from the default configs, he’d be safer. That is at least where this flaw is concerned.

In any case, if you have one of the Cisco appliances mentioned above on your network, be sure to apply the patch as soon as possible to minimize your risk.  If you’re unable to apply the patch for one reason or another, there is a workaround you can use in the short run, described below.

You’ll need to disable anonymous binds on the external authentication server, which should give you at least some protection and some additional time to deploy the patch.

Kudos to Cisco for their fast action here.  We can only hope that the next critical security flaw we report on is handled as adroitly by whatever company is at the helm.