July 18, 2024 By Sergiu Gatlan
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.
Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.
"This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system," Cisco explained.
"The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device."
CVE-2024-20401 impacts SEG appliances if they're running a vulnerable Cisco AsyncOS release and the following conditions are met:
- The file analysis feature (part of Cisco Advanced Malware Protection) or the content filter feature is enabled and assigned to an incoming mail policy.
- The Content Scanner Tools version is earlier than 23.3.0.4823
The fix for this vulnerability is delivered to affected devices with the Content Scanner Tools package versions 23.3.0.4823 and later. The updated version is included by default in Cisco AsyncOS for Cisco Secure Email Software releases 15.5.1-055 and later.
