Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and fully compromise Security Email Gateway (SEG) appliances using emails with malicious attachments.
Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.
"This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system," Cisco explained.
"The attacker could then take any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device."
CVE-2024-20401 impacts SEG appliances if they are running a vulnerable Cisco AsyncOS release and the following conditions are met:
- The file analysis feature (part of Cisco Advanced Malware Protection) or the content filter feature is enabled and assigned to an incoming mail policy.
- The Content Scanner Tools version is earlier than 23.3.0.4823.
The fix for this vulnerability is delivered to affected devices with Content Scanner Tools package versions 23.3.0.4823 and later. The updated version is included by default in Cisco AsyncOS for Cisco Secure Email Gateway releases 15.5.1-055 and later.
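The two conditions above (a scanning feature enabled on an incoming mail policy, and a Content Scanner Tools version older than the fixed package) are easy to get wrong when checking a fleet by hand, because version strings like 23.3.0.4823 must be compared numerically rather than as text. The following script is an added example, not code from the article or from Cisco: it parses such version strings and flags appliances in a constructed inventory that meet both conditions. The inventory entries, hostnames and field names are assumptions made up for illustration.

```python
"""Added example (not from the article or Cisco): flag SEG appliances that
meet the CVE-2024-20401 exposure conditions, using a constructed inventory."""
import re
from typing import Dict, List, Tuple

# Content Scanner Tools package version that carries the fix (stated in the article).
FIXED_CONTENT_SCANNER = "23.3.0.4823"


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted or dashed version string such as '23.3.0.4823' or
    '15.5.1-055' into a tuple of integers so it compares numerically
    ('23.3.0.4823' > '23.3.0.999', which a plain string compare gets wrong)."""
    return tuple(int(part) for part in re.split(r"[.\-]", version.strip()))


def is_vulnerable(appliance: Dict) -> bool:
    """An appliance is exposed when (a) file analysis or content filters are
    enabled on an incoming mail policy AND (b) its Content Scanner Tools
    version is older than the fixed package version."""
    scanning_enabled = appliance["file_analysis"] or appliance["content_filters"]
    outdated = (parse_version(appliance["content_scanner_version"])
                < parse_version(FIXED_CONTENT_SCANNER))
    return scanning_enabled and outdated


def flag_inventory(inventory: List[Dict]) -> List[str]:
    """Return the names of appliances that still need the Content Scanner Tools update."""
    return [a["name"] for a in inventory if is_vulnerable(a)]


# Constructed inventory; hostnames, versions and feature states are made up.
INVENTORY = [
    {"name": "seg-01", "content_scanner_version": "23.3.0.4800",
     "file_analysis": True, "content_filters": False},
    {"name": "seg-02", "content_scanner_version": "23.3.0.4823",
     "file_analysis": True, "content_filters": True},
    {"name": "seg-03", "content_scanner_version": "23.2.0.1000",
     "file_analysis": False, "content_filters": False},
    {"name": "seg-04", "content_scanner_version": "23.3.0.4822",
     "file_analysis": False, "content_filters": True},
]

if __name__ == "__main__":
    print("Appliances needing the update:", flag_inventory(INVENTORY))
```

Note that seg-03 is skipped even though its scanner package is old, because neither scanning feature is enabled; per the article it is still worth updating, since the feature state can change later.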
How to find vulnerable appliances
To find out whether file analysis is enabled, connect to the product web management interface, navigate to "Mail Policies > Incoming Mail Policies > Advanced Malware Protection > Mail Policies," and check whether "Enable File Analysis" is checked.
To find out whether content filters are enabled, open the product web interface, choose "Mail Policies > Incoming Mail Policies > Content Filters," and check whether the "Content Filters" column contains anything other than Disabled.
Since vulnerable SEG appliances are knocked fully offline after successful CVE-2024-20401 attacks, Cisco advises customers to contact its Technical Assistance Center (TAC) to bring them back online, which may require manual intervention.
Cisco added that no workarounds are available for appliances impacted by this security flaw, and it advised all admins to update vulnerable appliances to protect them against attacks.
The company's Product Security Incident Response Team (PSIRT) has not found evidence of public proof-of-concept exploits or exploitation attempts targeting the CVE-2024-20401 vulnerability.
On Wednesday, Cisco also fixed a maximum severity bug that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.