Multiple Critical Cisco Bugs Leave Users Vulnerable

Multiple critical vulnerabilities across Cisco products are leaving users vulnerable to attack, according to reports from several sources. Hackers are actively exploiting a critical vulnerability in Cisco's Security Email Gateway (SEG) devices to gain administrative access and add root users. The flaw, identified as CVE-2024-20401, allows attackers to replace any file on the operating system by sending emails with malicious attachments.

Cisco stated the SEG vulnerability was a result of “improper handling of email attachments when file analysis and content filters are enabled." The company has urged all users to update to the latest version of Content Scanner Tools to prevent exploitation. In addition to gaining administrative access and the adding of root users, attackers could potentially modify the device’s configuration, execute arbitrary code, or cause a permanent Denial of Service (DoS) on the compromised device.

The vulnerability impacts SEG appliances running a vulnerable version of Cisco AsyncOS, particularly when the file analysis feature or content filter is enabled and assigned to an incoming mail policy.

Another high-severity vulnerability, CVE-2024-20419, affects Cisco Smart Software Manager On-Prem (SSM On-Prem) and Satellite (SSM Satellite), and allows attackers to change any user password, including that of administrators. This bug has been given a maximum CVSS rating of 10.0, indicating its critical nature. Cisco's advisory noted that an unauthenticated remote attacker could exploit this flaw by sending crafted HTTP requests to the affected device to gain access to the web UI or API with compromised user privileges.

According to Dark Reading, Cisco has released patches for these vulnerabilities, but has not provided detailed information due to the high risk associated with them. These vulnerabilities are particularly concerning because they can be exploited without any user interaction or privileges, significantly impacting the product's integrity, availability, and confidentiality.

The vulnerabilities affect various sectors, including financial institutions, utilities, service providers, and government organizations, which heavily rely on these Cisco products for critical operations. This follows recent reports of Akira ransomware exploiting Cisco VPNs in attacks.