Vulnerability in Cisco Email Security Appliance allows sending malicious content

Cybersecurity specialists from a prestigious firm have disclosed the presence of a critical vulnerability in the email message scanning tool of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA). If exploited, this flaw could allow an unauthenticated, remote threat actor to bypass configured filters on the targeted device.

According to the report, the vulnerability, tracked as CVE-2020-3133, exists due to inadequate validation of incoming emails. Malicious hackers could abuse this condition by simply sending a specially crafted email message to a target user who is protected by ESA.

Successful exploitation could trigger a bypass of user-configured filters, allowing attackers to inject malicious content into the device. The flaw is only exploitable with local access to the target system.

After Cisco received the report, it was confirmed that this vulnerability affects all Cisco ESA releases earlier than 13.0.

After receiving the report, the company started working to release the corresponding software updates to address this vulnerability. So far, there are no known workarounds to mitigate exploitation risk, so users of affected implementations must install the official updates as soon as possible.

More details about this vulnerability, possible attack scenarios and available updates can be found on the company’s official platforms.