Cisco reports critical flaw in Cisco Secure Email Gateway enabling arbitrary file write
Take action: If you are using Cisco's Secure Email Gateway check your content scanner and content filtering configuration. It's quite possible you have selected all defenses and are now vulnerable to a very serious exploit. You can either disable these filters (not the best mitigation), or just update Cisco's Secure Email Gateway. You can't ignore the problem since the email gateway is designed to be visible on the internet so attackers will find it.
Learn More
Cisco is reporting a vulnerability affecting its Secure Email Gateway product.
Thee vulnerability, tracked as CVE-2024-20401 (CVSS score 9.9) arises from improper handling of email attachments in Cisco's Secure Email Gateway. When either the file analysis or content filter features are enabled, an attacker can exploit this vulnerability by sending a specially crafted email attachment. Successful exploitation allows the attacker to overwrite any file on the underlying system, potentially adding users with root privileges, modifying device configurations, executing arbitrary code, or causing a permanent denial of service (DoS) condition requiring manual recovery.
The Cisco Secure Email Gateway is vulnerable if using Content Scanner Tools version earlier than 23.3.0.4823 and if file analysis or content filter features are enabled.
The fix is included in Content Scanner Tools version 23.3.0.4823 and later, which are part of Cisco AsyncOS for Secure Email Software releases 15.5.1-055 and later.
Users are advised to update the Content Scanner Tools to version 23.3.0.4823 or later. Manual intervention is required if a DoS condition is triggered.
