QID 317198
Date Published: 2022-06-16
QID 317198: Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability (cisco-sa-sma-esa-auth-bypass-66kEcxQD)
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.
Affected Products
Cisco ESA, Cisco SMA, if they are running a vulnerable release of Cisco AsyncOS Software and the following are true:
The devices are configured to use external authentication.
The devices use LDAP as authentication protocol.
Note: This QID is not checking for workarounds.
QID Detection Logic (Authenticated):
The check matches Cisco ESA OS version and Cisco SMA OS version retrieved via Unix Auth using "version" command.
A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.
Customers are advised to refer to cisco-sa-sma-esa-auth-bypass-66kEcxQD for more information.
- cisco-sa-sma-esa-auth-bypass-66kEcxQD -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
CVEs related to QID 317198
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-sma-esa-auth-bypass-66kEcxQD |
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD |