CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-20401

CVSS 9.8v3.1pub. 2024-07-17upd. 2025-07-31

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of email attachments in content scanning and message filtering functions when file analysis and content filters are enabled. An attacker sends an email message with a crafted attachment through the device that has these functions active. Successful exploitation of the vulnerability allows overwriting any file in the device's file system, giving the attacker full control over the system.

Impact

An attacker can add users with root privileges, modify device configuration, execute arbitrary code (RCE), or trigger a persistent denial of service (DoS) state that requires manual service intervention and contact with Cisco TAC to restore functionality.

Mitigation & patch

Patches available from the vendor must be applied in accordance with the references (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH). Devices that have experienced a persistent DoS state require manual recovery — contact with Cisco Technical Assistance Center (TAC) is recommended.

Who is affected

Cisco Secure Email Gateway with enabled file analysis and content filter functions — specific versions indicated in the vendor's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Secure Email Gateway

    APP
    Cisco
    < 15.5.1-055
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2023-31488CRITICAL9.8PL ✓ten sam produkt

RCE w Hyland Perceptive Filters — błąd segmentacji przy przetwarzaniu dokumentów

CVE-2025-20153MEDIUM5.8ten sam produkt

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated,...

CVE-2023-20119MEDIUM6.1ten sam produkt

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web...

CVE-2023-20028MEDIUM5.4ten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Emai...

CVE-2023-20120MEDIUM5.4ten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Emai...