Cisco patches High risk Email Security Appliance DNS Verification DoS vulnerability


Cisco has released a High risk security advisory for an Email Security Appliance DNS Verification Denial of Service (DoS) vulnerability, as well as several other vulnerabilities in Nexus switches and NX-OS software.

An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.

The update on February 25, 2022, addresses the DoS vulnerability CVE-2022-20653 (CVSS Base score 7.5), which is caused by insufficient error handling in DNS name resolution by the affected Email Security Appliance software.

“A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device,” Cisco stated in the advisory.

Cisco also fixed multiple other High severity vulnerabilities on February 23, 2022:

| CVE # | Vulnerability Title |
| --- | --- |
| CVE-2022-20623 | Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability |
| CVE-2022-20650 | Cisco NX-OS Software NX-API Command Injection Vulnerability |
| CVE-2022-20624 | Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability |
| CVE-2021-1586 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability |