Cisco is currently addressing a critical security issue as Chinese hackers have been identified exploiting a zero-day vulnerability in some of the company’s key products. The vulnerability allows for complete device takeover, with no available patches at present.
On December 10, Cisco revealed a hacking campaign targeting its AsyncOS software, specifically affecting Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager appliances. The exploit targets devices with the ‘Spam Quarantine’ feature enabled and accessible via the internet.
While the attack surface may be limited by the need for an internet-facing management interface and specific enabled features, cybersecurity experts express concerns about the scale of affected organizations, the absence of patches, and the potential for hackers to establish backdoors.
Cisco, currently in the investigation phase, has not disclosed the number of impacted customers but is actively working on a permanent fix for the vulnerability.
Source: TechCrunch
Leave a Reply