Critical Cisco bug lets hackers add root users on SEG devices
2024-07-18 12:48

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway appliances using emails with malicious attachments.

"This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system," Cisco explained.

"The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service condition on the affected device."

The updated version is included by default in Cisco AsyncOS for Cisco Secure Email Software releases 15.5.1-055 and later.

Vulnerable SEG appliances are permanently taken offline following successful CVE-2024-20401 attacks. Cisco advises customers to contact its Technical Assistance Center to bring them back online, which will require manual intervention.

On Wednesday, Cisco also fixed a maximum severity bug that lets attackers change the password of any user, including administrators, on unpatched Cisco Smart Software Manager On-Prem license servers.


News URL

https://www.bleepingcomputer.com/news/security/critical-cisco-bug-lets-hackers-add-root-users-on-seg-devices/

Related vendor

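| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Cisco  |          | 4416       | 230 | 3062   | 1826 | 600      | 5718        |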