Cisco Secure Email Gateway Vulnerability: Arbitrary File Overwrite Confirmed
CVE-2024-20401
Summary
A vulnerability exists within Cisco Secure Email Gateway's content scanning and message filtering features, allowing unauthenticated remote attackers to overwrite arbitrary files on the underlying operating system. This issue arises from improper handling of email attachments when file analysis and content filters are enabled. An attacker can exploit this vulnerability by sending a specially crafted email with an attachment through a compromised device. If successful, the attacker gains the ability to replace any file on the system, which may lead to several serious consequences, such as elevating privileges, altering device configurations, executing arbitrary code, or initiating a permanent denial of service (DoS) condition. Recovery from the DoS condition necessitates manual intervention, and impacted users are encouraged to seek support from the Cisco Technical Assistance Center (TAC) for resolution.
Affected Version(s)
Cisco Secure Email
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.
7 months ago
Help Net SecurityCisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) - Help Net Security
CVE-2024-20401 enables overwriting files on Cisco Secure Email Gateways, CVE-2024-20419 allows changing account passwords on SSM On-Prem.
7 months ago
References
CVSS V3.1
Timeline
- 📰
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved