Split Tunnel SMTP Exploit Bypasses Email Security Gateways
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2017 01:57 AM
Hi Team,
How to mitigate this threat?
please refer to link below:
http://www.darkreading.com/attacks-breaches/split-tunnel-smtp-exploit-bypasses-email-security-gateways/d/d-id/1328963
- Labels:
-
Email Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2017 07:15 AM
Hello John,
Are you using a third-party encryption appliance in-front of or behind the ESA? The best way to mitigate these types of threats on the ESA itself would be to make sure your HAT/RAT settings are setup properly and you're not able to be used as an open relay. You can find more info on this within our end-user guide: here.
Thanks!
-Dennis M.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2017 01:07 PM
Hi John,
The below defect was filed today to evaluate if ESA is affected by this exploit.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve63891/?reffering_site=dumpcr
I would recommend adding yourself to the notification list to keep track.
- Libin V
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2017 04:27 PM
Hello Libin,
I cant view the link. "Insufficient Permissions to View Bug"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2017 06:49 PM
Hello,
You won't be able to view the defect page as it's currently being reviewed by our PSIRT team. Also, since it's now being reviewed by our PSIRT team we're not able to provide any further information. I would recommend continuing to monitor the defect link that Libin has provided until it's made publically available. Until then, I would refer to my previous comment and make sure you're not setup as an open relay.
Thanks!
-Dennis M.
