Black Arrow Cyber Advisory 22 July 2024 – Critical Cisco Secure Email Gateway File Write Vulnerability

Executive summary

Cisco has released a patch for a critical vulnerability in its Secure Email Gateway (SEG) which could allow attackers to replace any file on the underlying system, add users with root privileges, modify the device configuration or cause a permanent denial of service (DoS) condition on the affected device. The vulnerability is triggered by sending an email with crafted malicious attachments to a device on which file analysis and content filtering are enabled.

What’s the risk to me or my business?

While this vulnerability has not yet been exploited in the wild, the email ingress point is of particular concern: the product is designed to receive and scan emails for malicious content, so an attacker simply has to send a specially crafted email to compromise the device, potentially exposing any emails that are sent or received through it.

What can I do?

Cisco has released a patch which should be applied as soon as possible, following the organisation's software and firmware update procedures, including testing as necessary. Devices which are already in the permanent DoS condition will need support from Cisco's Technical Assistance Center to recover to a working state.

Technical Summary

CVE-2024-20401 – This vulnerability is caused by incorrect handling of email attachments when file analysis and content filters are enabled, and could allow an attacker to replace system files. This could lead to adding root users, altering device settings, running arbitrary code, or causing a permanent DoS condition on the device.

Further information on the Cisco vulnerability can be found here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity
