Cisco recommended the following actions be taken to protect against exploitation of this vulnerability:
- Change the static username and password of the Cisco SD-AVC server.
- Implement firewall rules to restrict external access to Cisco SD-AVC.
- Ensure that the Cisco SD-AVC server has a non-admin level user with a password set to a strong password.

Cisco notified customers of the vulnerability with the following steps:
- Change the static username and password of the Cisco SD-AVC server and update the Cisco policy to block the server from being accessed.
- Implement firewall rules to restrict external access to Cisco SD-AVC.
- Ensure that the Cisco SD-AVC server has a non-admin level user with a password set to a strong password.

Cisco encouraged customers to contact their Cisco Partners or Cisco Technical Assistance Center for further information or assistance.

Cisco BEPSX (Business Endpoint Security for Exchange, SharePoint, and Active Directory) is a comprehensive solution for end-to-end email security that enables you to secure all the endpoints that your organization relies on the most: Microsoft Exchange, Microsoft SharePoint and Active Directory.

Cisco BEPSX Overview

Cisco BEPSX is a comprehensive solution and service that provides granular email security for the endpoints that your organization relies on the most: Microsoft Exchange, Microsoft SharePoint and Active Directory. Cisco BEPSX uses multiple layers of security to protect you from sophisticated email-based attacks that rely on human error or malicious behavior. This includes protection against email-borne threats such as phishing, spam and ransomware, as well as other advanced threats such as encryption, content injection and credential theft.
Cisco BEPSX is designed with the following key features in mind:
- It integrates seamlessly with Microsoft Exchange, Active Directory and SharePoint environments requiring minimal changes to your current infrastructure.
- It uses a range of technologies including anti-email scanning technology, malware detection services and advanced threat monitoring for better protection against sophisticated threats such as phishing, spam or ransomware.
- It provides flexible deployment options from cloud or premises with policy management tools for business continuity.

Other Information:

Cisco issued a security advisory on the vulnerability on March 21, 2019. Cisco also notified customers of the vulnerability with the following steps:
- Change the static username and password of the Cisco SD-AVC server and update the Cisco policy to block the server from being accessed.
- Implement firewall rules to restrict external access to Cisco SD-AVC.
- Ensure that the Cisco SD-AVC server has a non-admin level user with a password set to a strong password.

Vulnerability Details

A vulnerability has been discovered in Cisco SD-AVC software that could allow an attacker to gain unauthorized access to the Cisco SD-AVC database. The vulnerability affects all versions of the product running on a Cisco SD-AVC infrastructure, including the latest version, 2.3.2. To mitigate this vulnerability, change the static username and password of the Cisco SD-AVC server and update the Cisco policy to block the server from being accessed.

Timeline

Published on: 09/30/2022 19:15:00 UTC
Last modified on: 10/05/2022 16:21:00 UTC

References