The blog post discusses how Cisco Talos identified a Chinese-nexus threat actor, tracked as UAT-9686, that used a custom persistence mechanism called 'AquaShell' to conduct its malicious activities. Despite that finding, Cisco took seven weeks to issue a patch for the vulnerability in AsyncOS.
The seven-week delay raised questions about its consequences, since the exploit affects only the subset of customers with specific configurations. The feature targeted by the exploit is not enabled by default, but some organizations may have exposed it to the internet for remote spam quarantine management.
Customers running Cisco AsyncOS Software with the Spam Quarantine service exposed must apply the patch to secure their systems. Simply disabling public access to the service may not be sufficient, which underlines the importance of prompt security updates in mitigating the risk.