- A zero day in Cisco AsyncOS allows attackers to gain root access on secure email appliances with Spam Quarantine exposed online.
- All versions of AsyncOS are vulnerable, and with no patch available, Cisco recommends complete wipes and rebuilds to remove persistence.
- Researchers suspect a Chinese state-sponsored actor, putting many large organizations at risk.
Cisco warns that some of its products have a zero-day vulnerability that is now being actively exploited in attacks. No fixes are currently available and users are advised to take certain steps to strengthen their defenses.
In a security advisory, Cisco said it became aware of a new cyberattack campaign on December 10. This attack targets devices running Cisco AsyncOS software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.
The bug affects both physical and virtual instances of these appliances, but only when the Spam Quarantine feature is enabled and that feature is exposed to and reachable from the internet.
Blame it on Chinese hackers
No one has yet claimed responsibility for these incursions, but some researchers believe they are the work of a Chinese state-sponsored threat actor.
The good news is that the Spam Quarantine feature is not enabled by default. The downside is that all versions of Cisco AsyncOS are affected by this campaign.
Attackers use this flaw to execute arbitrary commands with root privileges on the operating system, essentially taking control of compromised devices.
Cisco did not say how many companies were targeted or how many fell victim. Because there is currently no fix for the bug, Cisco is advising users to take certain steps, including to “restore the appliance to a secure configuration.” In other words, erase and rebuild the software from scratch.
Those who are unable to wipe the devices should contact Cisco's Technical Assistance Center (TAC) to verify whether their products have been compromised. If compromise is confirmed, “device reconstruction is currently the only viable option to eradicate the device’s persistence mechanism of bad actors.”




