Critical Cisco bug lets hackers add root users on SEG devices

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.

Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.

“This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system,” Cisco explained.

“The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.”

CVE-2024-20401 impacts SEG appliances if they’re running a vulnerable Cisco AsyncOS release and the following conditions are met:

  • The file analysis feature (part of Cisco Advanced Malware Protection) or the content filter feature is enabled and assigned to an incoming mail policy.
  • The Content Scanner Tools version is earlier than 23.3.0.4823.

The fix for this vulnerability is delivered to affected devices with the Content Scanner Tools package versions 23.3.0.4823 and later. The updated version is included by default in Cisco AsyncOS for Cisco Secure Email Software releases 15.5.1-055 and later.

How to find vulnerable appliances

To determine whether file analysis is enabled, connect to the product web management interface, go to “Mail Policies > Incoming Mail Policies > Advanced Malware Protection > Mail Policy,” and check if “Enable File Analysis” is checked.

To check whether content filters are enabled, open the product web interface and check if the “Content Filters” column under “Choose Mail Policies > Incoming Mail Policies > Content Filters” contains anything other than Disabled.
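The exposure conditions listed above can be combined into a single triage pass over an appliance inventory. This is an added example, not Cisco tooling or code from the original article; the hostnames, record field names and sample version values are constructed, and the data is assumed to have been collected by hand from each appliance's web interface.

```python
# Added example: triage an inventory for CVE-2024-20401 exposure.
# Hostnames, field names and version values below are constructed.
import re

FIXED_SCANNER_TOOLS = (23, 3, 0, 4823)  # first fixed Content Scanner Tools build


def parse_version(text):
    """'23.3.0.4823' -> (23, 3, 0, 4823); None when missing or malformed."""
    text = (text or "").strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def feature_assigned(policies):
    """True if any incoming mail policy has file analysis or a content filter."""
    return any(
        p.get("file_analysis") or p.get("content_filters", "Disabled") != "Disabled"
        for p in policies
    )


def assess(appliance):
    """Classify one record; a missing version is never treated as safe."""
    version = parse_version(appliance.get("scanner_tools"))
    if version is None:
        return "unknown: check version manually"
    if version >= FIXED_SCANNER_TOOLS:
        return "fixed"
    if feature_assigned(appliance.get("policies", [])):
        return "exposed"
    return "outdated, conditions not met"


def triage(inventory):
    return {a["host"]: assess(a) for a in inventory}


INVENTORY = [  # constructed sample records
    {"host": "seg-a.example", "scanner_tools": "23.3.0.4823",
     "policies": [{"file_analysis": True, "content_filters": "spam_rules"}]},
    {"host": "seg-b.example", "scanner_tools": "23.1.0.4600",
     "policies": [{"file_analysis": False, "content_filters": "Disabled"},
                  {"file_analysis": True, "content_filters": "Disabled"}]},
    {"host": "seg-c.example", "scanner_tools": "22.9.1.100",
     "policies": [{"file_analysis": False, "content_filters": "Disabled"}]},
    {"host": "seg-d.example", "scanner_tools": "",
     "policies": [{"file_analysis": True, "content_filters": "Disabled"}]},
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Appliances reported as "outdated, conditions not met" still run a Content Scanner Tools build earlier than the fixed one and become exposed as soon as either feature is assigned to an incoming mail policy.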

Vulnerable SEG appliances are permanently taken offline following successful CVE-2024-20401 attacks, and Cisco advises customers to contact its Technical Assistance Center (TAC) to bring them back online, which will require manual intervention.

Cisco added that no workarounds are available for appliances impacted by this security flaw, and it advised all admins to update vulnerable appliances to secure them against attacks.

The company’s Product Security Incident Response Team (PSIRT) has not found evidence of public proof of concept exploits or exploitation attempts targeting the CVE-2024-20401 vulnerability.

On Wednesday, Cisco also fixed a maximum severity bug that lets attackers change any user's password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including those of administrators.
