Split Tunnel SMTP Exploit Bypasses Email Security Gateways

John · ‎05-29-2017

Hi Team,

How to mitigate this threat?

please refer to link below:

http://www.darkreading.com/attacks-breaches/split-tunnel-smtp-exploit-bypasses-email-security-gateways/d/d-id/1328963

dmccabej · ‎05-30-2017

Hello John,

Are you using a third-party encryption appliance in-front of or behind the ESA? The best way to mitigate these types of threats on the ESA itself would be to make sure your HAT/RAT settings are setup properly and you're not able to be used as an open relay. You can find more info on this within our end-user guide: here.

Thanks!

-Dennis M.

Libin Varghese · ‎05-31-2017

Hi John,

The below defect was filed today to evaluate if ESA is affected by this exploit.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve63891/?reffering_site=dumpcr

I would recommend adding yourself to the notification list to keep track.

- Libin V

John · ‎05-31-2017

Hello Libin,

I cant view the link. "Insufficient Permissions to View Bug"

dmccabej · ‎05-31-2017

Hello,

You won't be able to view the defect page as it's currently being reviewed by our PSIRT team. Also, since it's now being reviewed by our PSIRT team we're not able to provide any further information. I would recommend continuing to monitor the defect link that Libin has provided until it's made publically available. Until then, I would refer to my previous comment and make sure you're not setup as an open relay.

Thanks!

-Dennis M.