China-linked Hackers Exploit Critical Cisco Zero-day as VPN Attacks Surge


A China-linked advanced persistent threat has been exploiting a previously unknown vulnerability in Cisco email security appliances, while a separate wave of large-scale brute-force attacks has targeted virtual private networks from Cisco and Palo Alto Networks, security researchers said. 
Cisco said on Wednesday it had identified a threat group it tracks as UAT-9686 that has been abusing a critical zero-day flaw in appliances running its AsyncOS software. The vulnerability, tracked as CVE-2025-20393, carries a maximum severity score of 10 and remains unpatched. 
AsyncOS powers Cisco Secure Email Gateway and Secure Email and Web Manager products, which are used to protect organisations from spam and malware and to centrally manage email security systems. The flaw affects systems where the Spam Quarantine feature is enabled and accessible from the internet. 
Under those conditions, attackers can bypass normal controls, gain root-level access and run arbitrary commands on the appliance and potentially on connected systems.

Cisco said the activity dates back to at least late November. 

According to Cisco Talos, UAT-9686 used the vulnerability to deploy multiple tools after gaining access, including the open-source tunnelling utility Chisel and a custom malware family known as Aqua. 
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
