
Cisco says Chinese hackers are exploiting its customers with a new zero-day

2025-12-18 13:05

A patch has not yet been released, so Cisco advises rebuilding any affected instances.

By Sead Fadilpašić, published 18 December 2025

A patch is still being worked on, so Cisco users take care

  • A zero‑day in Cisco AsyncOS lets attackers gain root access on Secure Email appliances with Spam Quarantine exposed online
  • All AsyncOS releases are vulnerable, and with no patch available Cisco urges full wipes and rebuilds to remove persistence
  • Researchers suspect a Chinese state‑sponsored actor, with many large organizations potentially at risk

Cisco is warning that some of its products have a zero-day vulnerability that is now being actively exploited in attacks. There is currently no patch available, and users are advised to take certain steps to harden their defenses instead.

In a security advisory, Cisco said it became aware of a new cyberattack campaign on December 10. This attack targets appliances running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

The bug affects both physical and virtual instances of these appliances, but only when they are configured with the Spam Quarantine feature and that feature is exposed to, and reachable from, the internet.


Blaming Chinese hackers

No one has claimed responsibility for the incursions just yet, but some researchers believe this is the work of a Chinese state-sponsored threat actor.

The good news is that the Spam Quarantine feature is not enabled by default. The downside is that all releases of Cisco AsyncOS are affected by this campaign.

The attackers are using this flaw to execute arbitrary commands with root privileges on the operating system, essentially taking over the compromised devices.

Cisco did not say how many companies were targeted, or how many fell victim, but since there is no patch for the bug right now, Cisco advises users to take certain measures, including “restoring the appliance to a secure configuration”. In other words, wiping and rebuilding the software from the ground up.


Those who are unable to wipe the appliances should contact TAC to check whether their products were compromised; if compromise is confirmed, “rebuilding the appliances is currently the only viable option to eradicate the threat actors’ persistence mechanism from the appliance.”
