Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1058
Views
0
Helpful
4
Replies

Split Tunnel SMTP Exploit Bypasses Email Security Gateways

John
Level 1
Level 1

‎05-29-2017 01:57 AM

Hi Team,

How to mitigate this threat?

please refer to link below: 

http://www.darkreading.com/attacks-breaches/split-tunnel-smtp-exploit-bypasses-email-security-gateways/d/d-id/1328963  

Labels:
0 Helpful
4 Replies 4

dmccabej
Cisco Employee
Cisco Employee

‎05-30-2017 07:15 AM

Hello John,

Are you using a third-party encryption appliance in-front of or behind the ESA? The best way to mitigate these types of threats on the ESA itself would be to make sure your HAT/RAT settings are setup properly and you're not able to be used as an open relay. You can find more info on this within our end-user guide: here.

Thanks!

-Dennis M.

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee

‎05-31-2017 01:07 PM

Hi John,

The below defect was filed today to evaluate if ESA is affected by this exploit.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve63891/?reffering_site=dumpcr

I would recommend adding yourself to the notification list to keep track.

- Libin V

0 Helpful

John
Level 1
Level 1
In response to Libin Varghese

‎05-31-2017 04:27 PM

Hello Libin,

I cant view the link. "Insufficient Permissions to View Bug"

bug_4.jpg
Preview file
27 KB
0 Helpful

dmccabej
Cisco Employee
Cisco Employee
In response to John

‎05-31-2017 06:49 PM

Hello,

You won't be able to view the defect page as it's currently being reviewed by our PSIRT team. Also, since it's now being reviewed by our PSIRT team we're not able to provide any further information. I would recommend continuing to monitor the defect link that Libin has provided until it's made publically available. Until then, I would refer to my previous comment and make sure you're not setup as an open relay. 

Thanks!

-Dennis M.

0 Helpful
Top