- A zero-day in Cisco AsyncOS allows attackers to gain root access on secure email devices with Spam Quarantine exposed online.
- All versions of AsyncOS are vulnerable, and without a patch available, Cisco is urging full wipes and rebuilds to eliminate persistence.
- Investigators suspect a Chinese state-sponsored actor, with many large organizations potentially at risk.
Cisco warns that some of its products have a zero-day vulnerability that is now being actively exploited in attacks. There is currently no patch available and users are advised to take certain steps to strengthen their defenses.
In a security advisory, Cisco said it became aware of a new cyberattack campaign on December 10. This attack targets devices running Cisco AsyncOS software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.
The bug affects both physical and virtual instances of these devices, but only when the Spam Quarantine feature is enabled and exposed to, and accessible from, the Internet.
Blame Chinese hackers
No one has claimed responsibility for the incursions yet, but some researchers believe they are the work of a Chinese state-sponsored threat actor.
The good news is that the Spam Quarantine feature is not enabled by default. The downside is that all versions of Cisco AsyncOS are affected by this campaign.
Attackers are using this flaw to execute arbitrary commands with root privileges on the operating system, essentially taking over compromised devices.
Cisco did not say how many companies were attacked or how many were victims, but since there is no patch for the bug at this time, Cisco advises users to take certain steps, including “restore the device to a safe configuration.” In other words: erase and rebuild the software from scratch.
Those who cannot wipe the devices should contact TAC to verify if their products were compromised and, if they get confirmation, “rebuilding the devices is currently the only viable option to eradicate the threat actor persistence mechanism from the device.”




