CVERadar

CVE-2024-20401

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.01089/1

CVE-2024-20401 is an arbitrary file write vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway that Cisco rates as Critical. It allows an unauthenticated, remote attacker to overwrite arbitrary files on the appliance's underlying operating system. The flaw stems from improper handling of email attachments when file analysis and content filters are enabled: the attacker sends an email with a crafted attachment through the device, and the gateway writes it over any file on the file system. Successful exploitation could allow the attacker to add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent Denial of Service (DoS) that requires manual intervention to recover. No CVSSv3 score is recorded on this page (shown as NA); Cisco's advisory scores the flaw 9.8, while the SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates moderate risk and warrants further investigation. The page also carries an In The Wild flag dated 2024-07-17, although no exploit code or IOCs are listed below.

In The Wild: 2024-07-17

2024-07-18

SOCRadar AI Insight

Description

CVE-2024-20401 is a critical vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway that allows an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. The flaw is due to improper handling of email attachments when file analysis and content filters are enabled: the attacker only has to send an email with a crafted attachment through an affected device, and a successful exploit lets them replace any file on the file system.

Key Insights

  • High Severity: Cisco's advisory scores this vulnerability 9.8 (Critical) under CVSS v3; the CVSSv3 field at the top of this page is unpopulated (NA). The attack is unauthenticated and remote and needs only that the gateway process a crafted message, so it requires immediate attention.
  • SVRS of 30: The SOCRadar Vulnerability Risk Score (SVRS) shown on this page is 30 (Medium), not 0. SVRS is SOCRadar's own risk weighting and does not by itself say whether exploitation has occurred; patch promptly regardless.
  • Active Exploits: No public exploit code or IOCs are listed on this page (see the Exploits and Indicators of Compromise sections). The page does carry an In The Wild flag dated 2024-07-17, so treat exploitation status as unconfirmed rather than as "no known exploits".
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) had not issued a warning or a Known Exploited Vulnerabilities (KEV) listing for this vulnerability at the time of writing.

Mitigation Strategies

  • Apply the fix: Cisco delivered the fix as an updated Content Scanner Tools package, bundled into fixed AsyncOS for Cisco Secure Email releases; the advisory linked under References lists the fixed versions and how to verify the scanner version installed on a device. Apply it as soon as possible.
  • Disable file analysis and content filters: Cisco did not publish a workaround. The vulnerable code path is only reached when the file analysis and content filter features are enabled, so turning them off removes the exposure until the fix is installed, but it also removes the malware and content inspection those features provide; treat it as a short-lived trade-off, not a fix.
  • Monitor for suspicious activity: Because the attacker can overwrite any file on the appliance, including its logs, forward gateway logs off-box and watch for unexpected new local accounts (especially with root privileges), configuration changes not tied to an administrator session, and inbound mail whose attachment names contain absolute paths or parent-directory (../) sequences, the input pattern behind the CWE-36 classification below.
  • Contact Cisco TAC: A DoS caused by this vulnerability is permanent and needs manual intervention to recover; contact the Cisco Technical Assistance Center (TAC) for assistance.
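The attachment-name heuristic behind the monitoring advice above, as an added example that is not part of this page or of any Cisco or SOCRadar tooling. It assumes you can feed captured messages (an .eml file, a journaled copy) into Python's standard `email` parser; the messages it scans are constructed inline, and because the exact crafted attachment for CVE-2024-20401 has not been published, it flags the general CWE-36 input pattern (absolute or drive-rooted paths, `..` components, NUL bytes) rather than a known exploit signature:

```python
"""
Heuristic triage for mail whose attachment names carry an absolute path or
parent-directory traversal, the input pattern behind CWE-36. Added example,
not a Cisco or SOCRadar tool. The exact crafted attachment for
CVE-2024-20401 is not public, so this flags the weakness class generally;
the sample messages are constructed here for the demonstration.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Anything a legitimate attachment name never needs: a rooted path (POSIX or
# drive-letter), a '..' component, or an embedded NUL.
SUSPICIOUS_NAME = re.compile(
    r"^[/\\]"                       # /etc/passwd, \\server\share
    r"|^[A-Za-z]:[/\\]"             # C:/Windows/...
    r"|(?:^|[/\\])\.\.(?:[/\\]|$)"  # ../x, x/../y, x/..
    r"|\x00"                        # NUL byte
)


def attachment_names(raw: bytes) -> list[str]:
    """Declared filenames of every leaf part, decoded from RFC 2231/2047 forms.

    get_filename() reads Content-Disposition filename= and falls back to
    Content-Type name=, the two places a sender can plant a path.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            names.append(name)
    return names


def suspicious_attachments(raw: bytes) -> list[str]:
    """Attachment names in the message that match the CWE-36 input pattern."""
    return [n for n in attachment_names(raw) if SUSPICIOUS_NAME.search(n)]


def build_sample(filename: str) -> bytes:
    """Constructs a minimal message carrying one attachment named `filename`."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "mailbox@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(b"%PDF-1.4 constructed sample\n",
                       maintype="application", subtype="pdf",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("report.pdf", "/etc/passwd", "../../etc/passwd", "C:/Windows/evil.dll"):
        print(f"{name!r:24} -> {suspicious_attachments(build_sample(name))}")
```

A hit is a triage signal, not proof of exploitation: compare it with the gateway's own mail logs and with the integrity of files on the appliance. The check deliberately runs on the value returned by `get_filename()`, which decodes RFC 2231 and RFC 2047 encodings of the filename parameter, because matching the raw header text would let an encoded path slip past.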


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ISC StormCast for Thursday, July 18th, 2024
Dr. Johannes B. Ullrich, 2024-07-18
ISC StormCast for Thursday, July 18th, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AndroxGh0st; Cisco SSM Vuln; Cisco Email Gateway Vuln; MSFT Checkpoint Updates; GeoServer Patch. Who You Gonna Call: AndroxGh0st Busters! https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086 Cisco Smart Software Manager Vulnerability CVE-2024-20419 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Source: sans.edu
Serious Security Vulnerability in Cisco Secure Email Gateway
CERT.at, 2025-04-01
Serious Security Vulnerability in Cisco Secure Email Gateway | Cisco has published an advisory on a serious vulnerability in Cisco Secure Email Gateway. The vulnerability, CVE-2024-20401, lies in the product's content scanning and message filtering functionality. Exploiting it could allow unauthenticated, remote attackers to overwrite arbitrary files on the local system. This would potentially also allow threat actors to create new
Cisco Secure Email Gateway Arbitrary File Write Vulnerability
2024-07-17
Cisco Secure Email Gateway Arbitrary File Write Vulnerability | A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system
Data Breaches Digest - Week 29 2024
Dunkie ([email protected]), 2024-07-15
Data Breaches Digest - Week 29 2024 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 15th July and 21st July 2024. 21st July
Source: dbdigest.com
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: SideWinder phishing campaign targets maritime facilities in multiple countries. The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012; the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In the 2022 […] A crafty phishing campaign targets Microsoft OneDrive users. Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the
Source: google.com

Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | URL: https://securityaffairs.com/must-read. Publication date: 2023-08-27 16:37:21. News Content: A crafty phishing campaign targets Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to […]
Source: google.com

Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085. Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi. "Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full […] Acronis Cyber Infrastructure bug actively exploited in the wild. Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that
Source: google.com

Social Media

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) | #HelpNetSecurity #CyberSecurity https://t.co/rs9ZdxRnfZ

On July 17, 2024, Cisco publicly disclosed critical vulnerabilities in Cisco Secure Email Gateway (SEG) and Cisco Smart Software Manager On-Prem (SSM), identified as CVE-2024-20401 and CVE-2024-20419 respectively. #EndCyberRisk https://t.co/1v12X8ddAl

Cisco has addressed a critical security flaw, identified as CVE-2024-20401, in its Security Email Gateway (SEG). https://t.co/LceEhDAWlb

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) - Help Net Security https://t.co/5moHuCz7Mh

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) - Help Net Security https://t.co/wlx56G43qm https://t.co/9QGRGZxA0T

🚨 The cyber-security vulnerability in the content scanning, attachment processing and message handling functions of Cisco Secure Email Gateway, classified as CVE-2024-20401 with a severity score of 9.8, allows an unauthenticated, remote attacker to overwrite https://t.co/ri1zz87YYq

Cisco fixed a critical flaw (CVE-2024-20401) in Security Email Gateway that could allow attackers to add root users via @securityaffairs #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/OnHmconIVh

🚨 A Critical Vulnerability exists in Cisco Secure Email (CVE-2024-20401). Please see the @ncsc_gov_ie alert for more info: https://t.co/0ypvIaiCUn

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) https://t.co/0t4UeZSGXU https://t.co/OCX0mIH0mR

#Dontmiss #Hotstuff #News #Cisco #emailsecurity Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) https://t.co/guvpvIq1oD

Affected Software

No affected software found for this CVE

References

Reference: Cisco Security Advisory cisco-sa-esa-afw-bGG2UsjH
Link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH

CWE Details

CWE ID: CWE-36
CWE Name: Absolute Path Traversal
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.
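The CWE-36 pattern named in the Description section and in the table above, as an added example: the vulnerable routine joins a sender-controlled attachment name onto a scan directory without checking it, and the hardened routine confines the name before writing. This is illustrative code, not Cisco's (the Secure Email Gateway scanner is closed source); the function names, the scan directory and the stand-in target file are assumptions made for the demonstration.

```python
"""
Illustrative CWE-36 (absolute path traversal) in an attachment-handling
routine, modelled on the weakness class behind CVE-2024-20401. Added
example, not Cisco code: the function names, the scan directory and the
sample attachment are assumptions made for the demonstration.
"""
import os
import posixpath
import tempfile


class UnsafeAttachmentName(ValueError):
    """Raised when a sender-supplied filename cannot be confined to scan_dir."""


def save_attachment_vulnerable(scan_dir: str, filename: str, data: bytes) -> str:
    """Writes the attachment under scan_dir using the sender-supplied name.

    os.path.join() discards every earlier component when a later one is
    absolute, so filename='/etc/passwd' silently targets that file. This is
    the CWE-36 pattern: untrusted input builds a path that is assumed, but
    never checked, to stay inside the scan directory.
    """
    path = os.path.join(scan_dir, filename)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def safe_attachment_path(scan_dir: str, filename: str) -> str:
    """Resolves filename strictly inside scan_dir or raises.

    Rejects empty names, NUL bytes, absolute paths and '..' components, keeps
    only the final component (the scanner gains nothing from sender-chosen
    subdirectories), then re-checks the resolved result's parent directory.
    """
    if not filename or "\x00" in filename:
        raise UnsafeAttachmentName("empty or NUL-containing name")
    # Treat backslash as a separator too, so a Windows-style name reaching a
    # Unix gateway cannot smuggle a separator past the checks below.
    name = filename.replace("\\", "/")
    if posixpath.isabs(name) or os.path.isabs(name):
        raise UnsafeAttachmentName(f"absolute path rejected: {filename!r}")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise UnsafeAttachmentName(f"parent traversal rejected: {filename!r}")
    if not parts:
        raise UnsafeAttachmentName(f"no usable name in {filename!r}")
    root = os.path.realpath(scan_dir)
    candidate = os.path.realpath(os.path.join(root, parts[-1]))
    # Even after filtering, confirm the final path's parent is exactly the
    # scan directory; this also catches symlink games inside scan_dir.
    if os.path.dirname(candidate) != root:
        raise UnsafeAttachmentName(f"resolved outside scan dir: {candidate!r}")
    return candidate


def save_attachment_hardened(scan_dir: str, filename: str, data: bytes) -> str:
    """Writes only to a validated path, and never clobbers an existing file."""
    path = safe_attachment_path(scan_dir, filename)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def check_name(filename: str, scan_dir: str = "/var/spool/scan") -> bool:
    """True if the hardened resolver would accept filename (scan_dir is assumed)."""
    try:
        safe_attachment_path(scan_dir, filename)
        return True
    except UnsafeAttachmentName:
        return False


def demo() -> tuple[bool, bool, bool]:
    """Runs both writers against a throwaway stand-in for a system file.

    Returns (vulnerable writer escaped scan_dir, stand-in file was overwritten,
    hardened writer refused the same name).
    """
    with tempfile.TemporaryDirectory() as tmp:
        scan_dir = os.path.join(tmp, "scan")
        os.makedirs(scan_dir)
        # Constructed stand-in for /etc/passwd so the demo touches nothing real.
        target = os.path.join(tmp, "etc", "passwd")
        os.makedirs(os.path.dirname(target))
        with open(target, "w") as fh:
            fh.write("root:x:0:0::/root:/bin/sh\n")
        # The attacker controls the MIME filename; here it is the absolute
        # path of the target, which is the input CWE-36 describes.
        payload = b"backdoor:x:0:0::/:/bin/sh\n"
        written = save_attachment_vulnerable(scan_dir, target, payload)
        escaped = not written.startswith(scan_dir + os.sep)
        with open(target, "rb") as fh:
            overwritten = fh.read() == payload
        try:
            save_attachment_hardened(scan_dir, target, payload)
            blocked = False
        except UnsafeAttachmentName:
            blocked = True
        return escaped, overwritten, blocked


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Running the file prints (True, True, True): the vulnerable writer escaped the scan directory, the stand-in passwd file now holds the attacker's line, and the hardened writer refused the same name. Rejecting `..` alone would not have been enough; `os.path.join()` discards every earlier component as soon as it meets an absolute one, which is why the absolute-path check and the post-resolution parent check are both present, and `O_EXCL` adds a last line of defence against overwriting anything that already exists.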
