The following is the LDAP query input that could be used to exploit this vulnerability: The following is the LDAP query input that could be used to exploit this vulnerability: UserDN:cn=ldap,ou=users,dc=example,dc=com mail:*
In the above example, replace cn=ldap,ou=users,dc=example,dc=com with the correct DN of the LDAP server. Cisco has released software updates that address these vulnerabilities in the following products: Cisco Secure Email and Web Manager :
Cisco Email Security Appliance : There are no workarounds available to mitigate this vulnerability. INDICATORS If you have enabled LDAP on your Cisco product with an external authentication server, and the information in the following tables matches your environment, then you are vulnerable to this attack. - LDAP query input - LDAP server - Cisco product - Cisco version
LDAP Query Input
In the following LDAP query input, replace cn=ldap,ou=users,dc=example,dc=com with the correct DN of the LDAP server.
LDAP Query Input that Could Be Used to Exploit the Vulnerability
The following is the LDAP query input that could be used to exploit this vulnerability: UserDN:cn=ldap,ou=users,dc=example,dc=com mail:*
In the above example, replace cn=ldap,ou=users,dc=example,dc=com with the correct DN of the LDAP server. Cisco has released software updates that address these vulnerabilities in the following products: Cisco Secure Email and Web Manager :
Cisco Email Security Appliance : There are no workarounds available to mitigate this vulnerability. INDICATORS If you have enabled LDAP on your Cisco product with an external authentication server, and the information in the following tables matches your environment, then you are vulnerable to this attack. - LDAP query input - LDAP server - Cisco product - Cisco version
-2+ user credentials-
Timeline
Published on: 06/15/2022 18:15:00 UTC
Last modified on: 06/27/2022 13:25:00 UTC