Cisco has fastened a essential severity vulnerability that lets attackers add new customers with root privileges and completely crash Safety E-mail Gateway (SEG) home equipment utilizing emails with malicious attachments.
Tracked as CVE-2024-20401, this arbitrary file write safety flaw within the SEG content material scanning and message filtering options is attributable to an absolute path traversal weak spot that enables changing any file on the underlying working system.
“This vulnerability is because of improper dealing with of e-mail attachments when file evaluation and content material filters are enabled. A profitable exploit may enable the attacker to interchange any file on the underlying file system,” Cisco defined.
“The attacker may then carry out any of the next actions: add customers with root privileges, modify the system configuration, execute arbitrary code, or trigger a everlasting denial of service (DoS) situation on the affected system.”
CVE-2024-20401 impacts SEG home equipment in the event that they’re operating a weak Cisco AsyncOS launch and the next situations are met:
- The file evaluation characteristic (a part of Cisco Superior Malware Safety) or the content material filter characteristic is enabled and assigned to an incoming mail coverage.
- The Content material Scanner Instruments model is sooner than 23.3.0.4823
The repair for this vulnerability is delivered to affected units with the Content material Scanner Instruments package deal variations 23.3.0.4823 and later. The up to date model is included by default in Cisco AsyncOS for Cisco Safe E-mail Software program releases 15.5.1-055 and later.
How you can discover weak home equipment
To find out whether or not file evaluation is enabled, connect with the product net administration interface, go to “Mail Insurance policies > Incoming Mail Insurance policies > Superior Malware Safety > Mail Coverage,” and verify if “Allow File Evaluation” is checked.
To seek out if content material filters are enabled, open the product net interface and verify if the “Content material Filters” column below “Select Mail Insurance policies > Incoming Mail Insurance policies > Content material Filters” accommodates something apart from Disabled.
Whereas weak SEG home equipment are completely taken offline following profitable CVE-2024-20401 assaults, Cisco advises clients to contact its Technical Help Middle (TAC) to convey them again on-line, which would require handbook intervention.
Cisco added that no workarounds can be found for home equipment impacted by this safety flaw, and it suggested all admins to replace weak home equipment to safe them in opposition to assaults.
The corporate’s Product Safety Incident Response Group (PSIRT) has not discovered proof of public proof of idea exploits or exploitation makes an attempt concentrating on the CVE-2024-20401 vulnerability.
On Wednesday, Cisco additionally fastened a most severity bug that lets attackers change any person password on unpatched Cisco Sensible Software program Supervisor On-Prem (Cisco SSM On-Prem) license servers, together with directors.
