--- licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0) licence_link: https://creativecommons.org/licenses/by/4.0/ licence_restrictions: https://cert.europa.eu/legal-notice licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies title: 'Critical Vulnerabilities in Cisco Products' number: '2024-070' version: '1.0' original_date: 'July 17, 2024' date: 'July 18, 2024' --- _History:_ * _18/07/2024 --- v1.0 -- Initial publication_ # Summary On July 17, 2024, Cisco issued several security advisories addressing critical and high severity vulnerabilities in its products. It is strongly recommended applying update on affected devices as soon as possible, prioritising internet facing and business critical devices. # Technical Details The critical vulnerability **CVE-2024-20401**, with a CVSS score of 9.8, is an arbitrary file write flaw [1]. It affects the content scanning and message filtering features of Cisco Secure Email Gateway and is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. The critical vulnerability **CVE-2024-20419**, with a CVSS score of 10, lies in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users [2]. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user. The list of all vulnerabilities could be found in the [vendor's website](https://sec.cloudapps.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-sir#~Vulnerabilities). # Affected Products The vulnerability **CVE-2024-20401** affects Cisco Secure Email Gateway if it is running a vulnerable release of Cisco AsyncOS (version prior to `15.5.1-055`) and both of the following conditions are met: - Either the file analysis feature, which is part of Cisco Advanced Malware Protection (AMP), or the content filter feature is enabled and assigned to an incoming mail policy - The Content Scanner Tools version is earlier than 23.3.0.4823 The vulnerability **CVE-2024-20419** affects Cisco SSM On-Prem and Cisco Smart Software Manager Satellite (SSM Satellite) version `8-202206` and earlier. _Note: Cisco SSM On-Prem and Cisco SSM Satellite are the same product. For releases earlier than Release 7.0, this product was called Cisco SSM Satellite. As of Release 7.0, this product is called Cisco SSM On-Prem._ # Recommendations CERT-EU strongly recommends updating affected products as soon as possible to mitigate these vulnerabilities, prioritising Internet facing and business critical devices. # References [1] [2]