Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM

Cisco on Wednesday announced software updates for roughly a dozen vulnerabilities, including two critical-severity bugs in Secure Email Gateway and Smart Software Manager On-Prem.

The Secure Email Gateway flaw, tracked as CVE-2024-20401 (CVSS score of 9.8), stems from improper handling of email attachments in the content scanning and message filtering functionality of the appliance.

To exploit the security defect, an attacker could send through the affected device an email containing a crafted attachment, which could allow them to replace files on the underlying system.

“The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial-of-service (DoS) condition on the affected device,” Cisco explains.

Should the issue be exploited to cause a DoS condition, manual intervention would be required to restore the device.

Secure Email Gateway appliances are affected if they are running a vulnerable version of AsyncOS, have either the file analysis or the content filter feature enabled, and use a Content Scanner Tools version prior to 23.3.0.4823.

Content Scanner Tools version 23.3.0.4823, which contains the fix for this issue, is included by default in AsyncOS for Secure Email Software releases 15.5.1-055 and later.
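The affected-device conditions above (a vulnerable Content Scanner Tools build plus at least one of the two features enabled) can be encoded as an inventory triage check. The following Python is an added illustration, not code from the article or from Cisco; the function names, the inventory record layout and the version-string parsing are assumptions, and the sample inventory is constructed.

```python
import re
from typing import Dict, List, Tuple

# Versions quoted in the advisory text above.
FIXED_CONTENT_SCANNER = "23.3.0.4823"   # first Content Scanner Tools build with the fix
FIXED_ASYNCOS = "15.5.1-055"            # first AsyncOS release bundling that build by default


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '23.3.0.4823' or '15.5.1-055' into a tuple of ints for ordering.
    Assumption: Cisco build strings are dot/dash separated numeric fields."""
    parts = [p for p in re.split(r"[.\-]", version.strip()) if p]
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a sorts strictly before version b."""
    return parse_version(a) < parse_version(b)


def asyncos_bundles_fix(asyncos_version: str) -> bool:
    """AsyncOS 15.5.1-055 and later ship the fixed Content Scanner Tools by default."""
    return not version_lt(asyncos_version, FIXED_ASYNCOS)


def exposed_to_cve_2024_20401(content_scanner_version: str,
                              file_analysis_enabled: bool,
                              content_filter_enabled: bool) -> bool:
    """Advisory conditions: scanner build older than the fix AND
    (file analysis OR content filter) enabled. Both must hold."""
    if not (file_analysis_enabled or content_filter_enabled):
        return False
    return version_lt(content_scanner_version, FIXED_CONTENT_SCANNER)


def triage(inventory: List[Dict]) -> List[str]:
    """Return hostnames of appliances that still meet the exposure conditions."""
    return [dev["host"] for dev in inventory
            if exposed_to_cve_2024_20401(dev["content_scanner"],
                                         dev["file_analysis"],
                                         dev["content_filter"])]


# Constructed sample inventory (hypothetical hosts and settings).
SAMPLE_INVENTORY = [
    {"host": "esa-1", "asyncos": "15.0.0-104", "content_scanner": "23.3.0.4801",
     "file_analysis": True, "content_filter": False},   # exposed
    {"host": "esa-2", "asyncos": "15.5.1-055", "content_scanner": "23.3.0.4823",
     "file_analysis": True, "content_filter": True},    # patched scanner
    {"host": "esa-3", "asyncos": "15.0.0-104", "content_scanner": "23.3.0.4801",
     "file_analysis": False, "content_filter": False},  # features disabled
]
```

Note that an older AsyncOS release with a manually updated Content Scanner Tools package is treated as fixed, since the scanner build is what the advisory ties the fix to.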

On Wednesday, the tech giant also announced patches for CVE-2024-20419 (CVSS score of 10), a critical flaw in the authentication system of Smart Software Manager On-Prem (SSM On-Prem) – previously Smart Software Manager Satellite (SSM Satellite).

The improper implementation of the password-change process could allow a remote, unauthenticated attacker to send crafted HTTP requests to an affected device and change the password for any user.

“A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user,” Cisco notes.

Patches for this vulnerability were included in SSM On-Prem version 8-202212. The Cisco Smart Licensing Utility, which SSM On-Prem is a component of, is not affected by the bug.

Also on Wednesday, Cisco announced that the recently disclosed BlastRADIUS vulnerability impacts Firepower Device Manager (FDM), Firepower Management Center (FMC), Firepower Threat Defense (FTD), Identity Services Engine (ISE), Secure Email and Web Manager, Secure Email Gateway, IOx Fog Director, and MDS 9000 and Nexus 7000 series switches.

The tech giant also said that it was still investigating over 40 products to determine if they are impacted by the vulnerability.

Cisco also resolved high-severity vulnerabilities in the CLI of AsyncOS for Secure Web Appliance, Identity Services Engine (ISE), and Intelligent Node (iNode) software that could lead to command execution and privilege escalation, information disclosure, and a DoS condition.

Cisco said it was not aware of any of these vulnerabilities being exploited in attacks, but noted that proof-of-concept (PoC) code targeting BlastRADIUS does exist. Additional information can be found on Cisco’s security advisories page.
