- A zero-day in Cisco AsyncOS lets attackers gain root access on secure email appliances with spam quarantine exposed online
- All AsyncOS releases are vulnerable, and without an available patch, Cisco urges full wipes and rebuilds to remove persistence
- Researchers suspect a Chinese state-sponsored actor, and many large organizations are potentially at risk
Cisco warns that some of its products have a zero-day vulnerability that is now being actively exploited in attacks. There is currently no patch available and users are advised to take certain steps to harden their defenses instead.
In a security advisory, Cisco said it became aware of a new cyber attack campaign on December 10. This attack targets appliances running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.
The bug affects both physical and virtual instances of these appliances, but only when configured with the spam quarantine feature, which must also be exposed to and accessible from the Internet.
Blaming Chinese hackers
No one has claimed responsibility for the intrusion yet, but some researchers believe it is the work of a Chinese state-sponsored threat actor.
The good news is that the spam quarantine feature is not enabled by default. The downside is that all releases of Cisco AsyncOS are affected by this campaign.
The attackers use this flaw to execute arbitrary commands with root privileges on the operating system, essentially taking over the compromised devices.
Cisco did not say how many companies were targeted or how many were victims, but since there is no patch for the bug right now, Cisco is advising users to take certain measures, including “restoring the appliance to a secure configuration.” In other words, wipe and rebuild the software from scratch.
Those unable to wipe the devices should contact Cisco's Technical Assistance Center (TAC) to verify whether their products were compromised. If they receive confirmation, “rebuilding the devices is currently the only viable option to eradicate the threat actor persistence mechanism from the device.”



