Serious Cisco malicious program lets hackers add root users on SEG units
Cisco has mounted a principal severity vulnerability that lets attackers add original users with root privileges and permanently atomize Security E mail Gateway (SEG) home equipment the usage of emails with malicious attachments.
Tracked as CVE-2024-20401, this arbitrary file write security flaw within the SEG express scanning and message filtering substances is precipitated by an absolute course traversal weakness that enables replacing any file on the underlying working device.
“This vulnerability is attributable to spoiled going thru of electronic mail attachments when file prognosis and express filters are enabled. A a hit exploit might possibly perhaps perhaps allow the attacker to exchange any file on the underlying file device,” Cisco explained.
“The attacker might possibly perhaps perhaps then mark any of the following actions: add users with root privileges, modify the tool configuration, construct arbitrary code, or reason a everlasting denial of provider (DoS) condition on the affected tool.”
CVE-2024-20401 impacts SEG home equipment within the event that they’re running a susceptible Cisco AsyncOS free up and the following conditions are met:
- The file prognosis feature (section of Cisco Superior Malware Protection) or the express filter feature is enabled and assigned to an incoming mail policy.
- The Announce material Scanner Instruments model is earlier than 23.3.0.4823
The fix for this vulnerability is introduced to affected units with the Announce material Scanner Instruments kit versions 23.3.0.4823 and later. The updated model is incorporated by default in Cisco AsyncOS for Cisco Stable E mail Tool releases 15.5.1-055 and later.
The actual contrivance to score susceptible home equipment
To search out out whether file prognosis is enabled, join to the product web administration interface, toddle to “Mail Insurance policies > Incoming Mail Insurance policies > Superior Malware Protection > Mail Protection,” and review if “Enable File Prognosis” is checked.
To search out if express filters are enabled, open the product web interface and review if the “Announce material Filters” column beneath “Resolve Mail Insurance policies > Incoming Mail Insurance policies > Announce material Filters” contains something else totally different than Disabled.
While susceptible SEG home equipment are permanently taken offline following a hit CVE-2024-20401 assaults, Cisco advises prospects to contact its Technical Assistance Middle (TAC) to raise them motivate on-line, which is in a insist to require manual intervention.
Cisco added that no workarounds might possibly be found in for home equipment impacted by this security flaw, and it told all admins to update susceptible home equipment to derive them against assaults.
The firm’s Product Security Incident Response Crew (PSIRT) has no longer chanced on proof of public proof of thought exploits or exploitation makes an strive concentrated on the CVE-2024-20401 vulnerability.
On Wednesday, Cisco also mounted a most severity malicious program that lets attackers trade any user password on unpatched Cisco Neat Tool Supervisor On-Prem (Cisco SSM On-Prem) license servers, including administrators.