A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.
The vulnerability results from improper handling of email attachments in content scanning and message filtering functions when file analysis and content filters are enabled. An attacker sends an email message with a crafted attachment through the device that has these functions active. Successful exploitation of the vulnerability allows overwriting any file in the device's file system, giving the attacker full control over the system.
An attacker can add users with root privileges, modify device configuration, execute arbitrary code (RCE), or trigger a persistent denial of service (DoS) state that requires manual service intervention and contact with Cisco TAC to restore functionality.
Patches available from the vendor must be applied in accordance with the references (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH). Devices that have experienced a persistent DoS state require manual recovery — contact with Cisco Technical Assistance Center (TAC) is recommended.
Cisco Secure Email Gateway with enabled file analysis and content filter functions — specific versions indicated in the vendor's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCisco Secure Email Gateway
APPCisco< 15.5.1-055
Related vulnerabilities
RCE w Hyland Perceptive Filters — błąd segmentacji przy przetwarzaniu dokumentów
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated,...
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web...
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Emai...
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Emai...