A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.

The vulnerability is due to a lack of certificate validation during the HTTPS connection toward the repository from which the update manifests are retrieved.

An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) and impersonating the update server.
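The class of flaw described above, shown as a client-side TLS configuration next to its hardened form, with a small audit check that flags the difference. This is an added example in Python, not Cisco's code and not a description of AsyncOS internals; all function names are hypothetical.

```python
import ssl


def insecure_update_context():
    """Client context with certificate validation switched off.

    Any server that answers for the update hostname, including one reached
    through hijacked DNS, completes the handshake with this configuration.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # server certificate is never validated
    return ctx


def hardened_update_context(ca_file=None):
    """Client context that validates the chain and the hostname.

    ca_file is an optional path to a private CA bundle (assumption: the
    update repository may be signed by a vendor CA rather than a public one).
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = True            # certificate must match the hostname
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must lead to a trusted CA
    return ctx


def audit_context(ctx):
    """Return a list of findings for a client SSLContext used for updates."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_update_context()),
                      ("hardened", hardened_update_context())):
        print(name, audit_context(ctx) or "no findings")
```
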

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos

Security Impact Rating: Medium

CVE: CVE-2016-1411
