Critical Cisco bug lets hackers add root users on SEG devices

July 18, 2024 at 08:51AM

Cisco has resolved a critical vulnerability (CVE-2024-20401) in Security Email Gateway (SEG) appliances, allowing attackers to add new users with root privileges and cause a permanent denial of service. The flaw involves an absolute path traversal weakness. Affected appliances running certain Cisco AsyncOS releases can be fixed with updated Content Scanner Tools versions. No workarounds are available, and impacted appliances should be updated promptly. Cisco has also addressed a maximum severity bug in Cisco Smart Software Manager On-Prem.

Key takeaways from the article:

1. Cisco has fixed a critical vulnerability, tracked as CVE-2024-20401, in the Security Email Gateway (SEG) appliances. This vulnerability allowed attackers to add new users with root privileges and permanently crash the appliances using malicious email attachments.

2. The vulnerability was attributed to an arbitrary file write security flaw in the SEG content scanning and message filtering features, caused by an absolute path traversal weakness that allowed the replacement of any file on the underlying operating system.

3. Affected devices are SEG appliances running a vulnerable Cisco AsyncOS release with the file analysis and content filter features enabled.

4. The fix for the vulnerability is delivered to affected devices with the Content Scanner Tools package versions 23.3.0.4823 and later, included in Cisco AsyncOS for Cisco Secure Email Software releases 15.5.1-055 and later.

5. To determine whether an appliance is vulnerable, administrators can check whether file analysis and content filters are enabled in the product's web management interface.

6. Cisco advises customers to contact its Technical Assistance Center (TAC) to bring vulnerable appliances back online following a successful attack, as no workarounds are available for the security flaw.

7. Cisco’s Product Security Incident Response Team (PSIRT) has not found evidence of public proof of concept exploits or exploitation attempts targeting the CVE-2024-20401 vulnerability.

8. Additionally, Cisco fixed a maximum severity bug in the Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allowed attackers to change any user password.
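The weakness class in point 2, an absolute path traversal that lets an attachment's declared filename decide where the scanner writes, illustrated with a constructed attachment-extraction routine. This is an added example and not Cisco's code; `SCAN_DIR` and the function names are hypothetical. The unsafe version shows why `os.path.join` alone is not a containment check, and the hardened version beside it keeps writes inside the scan directory.

```python
import os
import posixpath

# Constructed example, not Cisco code: where a mail scanner would place an
# attachment before analysing it. os.path.join() discards everything before
# an absolute component, so a declared name of "/etc/passwd" escapes SCAN_DIR.
SCAN_DIR = "/var/tmp/scan"


def unsafe_target_path(scan_dir: str, declared_name: str) -> str:
    """Vulnerable pattern: an absolute declared name replaces scan_dir entirely."""
    return os.path.join(scan_dir, declared_name)


def safe_target_path(scan_dir: str, declared_name: str) -> str:
    """Hardened pattern: keep only the final path component, then verify that
    the normalised result still lies inside scan_dir before returning it."""
    # Drop every directory component, including absolute prefixes and
    # backslash separators that a permissive parser might otherwise honour.
    name = posixpath.basename(declared_name.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError(f"rejected attachment name: {declared_name!r}")
    candidate = os.path.normpath(os.path.join(scan_dir, name))
    # Containment check: the resolved path must start with scan_dir plus a
    # separator, so "/var/tmp/scan2/x" cannot pass as inside "/var/tmp/scan".
    root = os.path.normpath(scan_dir) + os.sep
    if not candidate.startswith(root):
        raise ValueError(f"path escapes scan dir: {candidate!r}")
    return candidate


def is_contained(scan_dir: str, path: str) -> bool:
    """Report whether an already-resolved path stays under scan_dir."""
    root = os.path.normpath(scan_dir) + os.sep
    return os.path.normpath(path).startswith(root)


if __name__ == "__main__":
    for declared in ("report.pdf", "/etc/passwd", "../../etc/shadow", ".."):
        unsafe = unsafe_target_path(SCAN_DIR, declared)
        try:
            safe = safe_target_path(SCAN_DIR, declared)
        except ValueError as exc:
            safe = f"rejected ({exc})"
        print(f"{declared!r:22} unsafe={unsafe!r:28} contained={is_contained(SCAN_DIR, unsafe)!s:5} safe={safe}")
```

The same containment check applies to any location derived from untrusted input, such as the content-filter and file-analysis staging paths the advisory describes.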
