InteliSecure
  • Forrester Names InteliSecure a Strong Performer in the Emerging Managed Security Services Provider Wave!

  • Managed DLP Services for Mid-Market Organizations

  • Benchmark Your Cyber Security Efforts Regarding Critical Data Protection

  • New Whitepaper: Inadequate Penetration Testing Puts Data in the Crosshairs


InteliSecure Earns CREST Certification in the United States

Risk & Compliance

Security strategy and certification assistance services to meet internal, industry and governmental needs.

Data Protection

Professional, technical and managed services to protect your most critical data assets.

Threat Protection

Solutions that help protect your organization from malicious attacks.

“We selected InteliSecure’s Managed DLP Service to offload the burden of monitoring day to day incidents as well as supporting our cloud strategy, allowing us to focus our resources appropriately. Intelisecure have been professional from the outset, and give us confidence that the DLP program will continue to develop and grow with our business over time.”
– Head of Information Security, Major UK-based News Outlet.

Blog

  • Cisco® Email Security Appliance (Cisco® ESA) Non-RFC MIME Format Executable Attachment Bypass (CSCvh03786) (CVE-2018-0419)

    Author: Liam Romanis

    In October 2017 InteliSecure were performing penetration testing activities for an important client.  One of the tasks involved performing tests against the client’s E-Mail content analysis systems. Various types of E-Mail were sent with attached executable files compressed and encrypted in various ways. These were blocked by the content analysis device, Cisco® Email Security Appliance (Cisco® ESA), previously known as Ironport.

    In addition, E-Mails were sent with several types of malformed MIME formatting, with executables attached in non-standard ways. One of these E-Mails passed the executable blocking rules: Cisco® ESA reported it as an E-Mail without an attachment, while Microsoft® Outlook accepted it as a valid E-Mail with an executable attachment. It was found that various other types of file could be passed through Cisco® ESA using the same method. Interestingly, if the malicious E-Mail was then forwarded outside the organisation via Cisco® ESA, the same executable was blocked.

    Whilst the CVSS3 score given by Cisco® in their advisory in August 2018 was 5.3, based on a minor integrity weakness in Cisco® ESA, the impact of this vulnerability could be greater, given that malicious E-Mail is used to spread malware-infected files such as Trojans, Viruses and Ransomware. Exponential growth in E-Mail-borne attacks has been observed since the beginnings of the Security Industry, and it continues given the ease with which new malware can be developed using tools available on the Dark Web.

    Cisco® ESA versions 10.0.0-203 and 11.0.0-264 are known to be affected. Cisco has listed the issue as ‘Fixed’ but has not indicated where updated ESA software can be downloaded.

    One interim workaround may be to create custom rules that look for strings like ‘.exe’, ‘.com’, ‘.dll’ and ‘.ps1’ and block E-Mails matching them. However, due to the Microsoft CreateNewProcess API, executables with non-matching extensions may still execute.

    InteliSecure recommends ensuring that endpoint security and Anti-Virus products be kept up to date. Application white listing should also be implemented so that users can only execute authorised executables. Additional Intrusion Detection or Intrusion Prevention devices could also be considered. To defend against ransomware, InteliSecure recommends that offline backups be taken of all important data.  If an incident occurs, backups should be scanned to ensure that files are not infected before they are restored.

    Please refer to the Cisco Advisory for further information: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh03786

    InteliSecure would like to thank our client for allowing us to pursue this vulnerability to try and encourage a fix to be produced.

    InteliSecure would also like to thank the Cisco® developers and PSIRT for dealing with this issue rapidly.

    If any organisations are unsure whether their Cisco® ESA system is vulnerable, InteliSecure would be happy to discuss this issue further.
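
The interim workaround above (matching strings like ‘.exe’ in the message) and the parser disagreement the post reports can be combined into one content check. The following is an added example, not code from InteliSecure or Cisco: it scans the raw bytes for risky file names, compares them with what a strict MIME parser reports as attachments, and quarantines on any mismatch. The sample messages are constructed for the test and are not the malformed format from the advisory; the function names and verdict strings are assumptions.

```python
import re
from email import message_from_bytes, policy

# Extensions named in the interim workaround.
RISKY_EXT = (".exe", ".com", ".dll", ".ps1")
# Any name=/filename= parameter in the raw bytes, wherever it appears.
NAME_PARAM = re.compile(rb'(?i)\b(?:file)?name\*?\s*=\s*"?([^"\r\n;]+)')

def raw_risky_names(raw):
    """Risky file names found by string matching, ignoring MIME structure."""
    found = (m.group(1).decode("latin-1").strip().lower()
             for m in NAME_PARAM.finditer(raw))
    return {n for n in found if n.endswith(RISKY_EXT)}

def parsed_risky_names(raw):
    """Risky file names on parts that a strict MIME parser recognises."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = {(part.get_filename() or "").lower() for part in msg.walk()}
    return {n for n in names if n.endswith(RISKY_EXT)}

def verdict(raw):
    raw_names, parsed_names = raw_risky_names(raw), parsed_risky_names(raw)
    if raw_names - parsed_names:
        # The bytes name an executable the parser did not see as a part:
        # another client may interpret the message differently.
        return "quarantine"
    return "block" if parsed_names else "pass"

# Constructed sample: ordinary multipart message with an attachment.
WELL_FORMED = (
    b"From: a@example.test\r\nSubject: t\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
    b"--B\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--B\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="tool.exe"\r\n\r\nAAAA\r\n'
    b"--B--\r\n")
# Constructed sample: part headers in a body the parser treats as plain text.
UNDECLARED_PART = (
    b"From: a@example.test\r\nSubject: t\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b'--B\r\nContent-Disposition: attachment; filename="tool.exe"\r\n\r\n'
    b"AAAA\r\n--B--\r\n")
PLAIN = (b"From: a@example.test\r\nSubject: minutes\r\n"
         b"Content-Type: text/plain\r\n\r\nSee you at ten.\r\n")

if __name__ == "__main__":
    for label, raw in (("well-formed", WELL_FORMED),
                       ("undeclared part", UNDECLARED_PART), ("plain", PLAIN)):
        print(label, "->", verdict(raw))
```

As the post notes, extension matching is coarse: an executable carrying a non-listed extension is not caught by this check.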

© 2019 InteliSecure. All rights reserved.