A critical vulnerability affecting several Cisco products has been exploited by hackers, allowing for full device takeovers. Cisco announced that the hacking campaign was identified on December 10 and targets the Cisco AsyncOS software used in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances.
No patches are currently available. The affected devices are those that have the “Spam Quarantine” feature enabled and are accessible from the internet. This feature is not turned on by default, but Cisco noted that it can still pose a risk. Security experts have expressed concern over the widespread use of these products among large organizations; Kevin Beaumont highlighted the potential for significant impact, given the absence of patches and the unknown duration of backdoor access.
In light of the situation, Cisco is advising customers to wipe and rebuild the software on compromised appliances, as this is the only method to ensure the removal of threat actors. The company is actively investigating the incident and is working on a permanent solution. Cisco Talos has linked the hackers to China and identified them as connected to known government hacking groups.