The tool “Cisco SMA Exposure Check” detects open ports and services that have been exploited in recent attacks, as detailed in Cisco’s advisory.
Developed by GitHub user StasonJatham and released publicly today, the script targets indicators of compromise tied to the flaw, which allows unauthenticated remote attackers to execute arbitrary code via exposed management and quarantine interfaces.
Attackers have weaponized ports like TCP 82, 83, 443, 8080, 8443, and 9443 for admin access, alongside quarantine endpoints on 6025, 82, 83, 8443, and 9443.
The tool scans these, performs HTTP/S fingerprinting (server headers, status codes, redirects, auth realms, Cisco-specific keywords, and version patterns), and checks common paths such as /quarantine, /spamquarantine, /spam, /sma-login, and /login.
It also grabs raw socket banners and flags indicators of active exploitation, including strings like “AquaShell,” “AquaTunnel,” “Chisel,” and “AquaPurge” – hallmarks of post-compromise tools observed in the wild.
Requiring only Python 3’s standard library, the script runs in seconds:

```text
python3 cisco-sa-sma-attack-N9bf4.py [-v] [-t <timeout-seconds>] <host-or-domain>
```

| Port Type | Exposed Ports | Risk Level |
|---|---|---|
| Admin/Mgmt | 82, 83, 443, 8080, 8443, 9443 | Critical |
| Quarantine/Spam | 6025, 82, 83, 8443, 9443 | High |
Results flag vulnerable configs, enabling admins to firewall ports, apply Cisco patches, or isolate systems urgently.
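
The following Python example is added here and is not taken from the StasonJatham script. It applies the port table and indicator strings listed above to port observations that have already been collected for a host you administer; the function names and the sample data are constructed for illustration.

```python
# Added example: offline triage of already-collected scan observations.
# Port sets and indicator strings are the ones listed in the article;
# function names and the sample data are assumptions made for illustration.
ROLE_PORTS = {  # ordered from highest to lowest risk level
    "Admin/Mgmt": {82, 83, 443, 8080, 8443, 9443},
    "Quarantine/Spam": {6025, 82, 83, 8443, 9443},
}
RISK = {"Admin/Mgmt": "Critical", "Quarantine/Spam": "High"}
IOC_STRINGS = ("AquaShell", "AquaTunnel", "Chisel", "AquaPurge")


def port_roles(port):
    """Return every interface role the article associates with a port."""
    return [role for role, ports in ROLE_PORTS.items() if port in ports]


def find_iocs(text):
    """Case-insensitive substring search for the post-compromise tool names."""
    lowered = text.lower()
    return [s for s in IOC_STRINGS if s.lower() in lowered]


def assess(observations):
    """observations: {open_port: banner_or_response_text} for one host."""
    findings = []
    for port, text in sorted(observations.items()):
        roles = port_roles(port)
        iocs = find_iocs(text)
        if not roles and not iocs:
            continue  # port is not in the table and shows no indicator
        # A port listed under both roles takes the higher risk level.
        risk = RISK[roles[0]] if roles else None
        findings.append({"port": port, "roles": roles, "risk": risk,
                         "suspected_compromise": bool(iocs), "iocs": iocs})
    return findings


# Constructed sample input, not output from a real appliance.
SAMPLE = {
    22: "SSH-2.0-OpenSSH",
    6025: "HTTP/1.1 302 Found\r\nLocation: /quarantine",
    8443: "HTTP/1.1 200 OK\r\n\r\n<title>login</title> aquashell",
}

if __name__ == "__main__":
    for finding in assess(SAMPLE):
        print(finding)
```

Substring matching on a short name such as "Chisel" can produce false positives, so treat a hit as a prompt for investigation on the appliance rather than as confirmation.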
Cisco’s advisory warns of active exploitation, urging immediate mitigation. With no CVSS score published yet, the vulnerability’s unauthenticated RCE potential echoes past SMA flaws.
This tool fills a detection gap for SecOps teams without commercial scanners. StasonJatham stresses responsible use: “Only test authorized systems.”
The post New Tool Released to Detect Cisco Secure Email Gateway 0-Day Vulnerability Exploited in the Wild appeared first on Cyber Security News.