{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-070.pdf"
    },
    "title": "Critical Vulnerabilities in Cisco Products",
    "serial_number": "2024-070",
    "publish_date": "18-07-2024 16:09:28",
    "description": "On July 17, 2024, Cisco issued several security advisories addressing critical and high severity vulnerabilities in its products. It is strongly recommended applying update on affected devices as soon as possible, prioritising internet facing and business critical devices.<br>\n",
    "url_title": "2024-070",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0Cisco\u00a0Products'\nnumber: '2024-070'\nversion: '1.0'\noriginal_date: 'July 17, 2024'\ndate: 'July 18, 2024'\n---\n\n_History:_\n\n* _18/07/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn July 17, 2024, Cisco issued several security advisories addressing critical and high severity vulnerabilities in its products. It is strongly recommended applying update on affected devices as soon as possible, prioritising internet facing and business critical devices.\n\n# Technical Details\n\nThe critical vulnerability **CVE-2024-20401**, with a CVSS score of 9.8, is an arbitrary file write flaw [1]. It affects the content scanning and message filtering features of Cisco Secure Email Gateway and is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.\n\nThe critical vulnerability **CVE-2024-20419**, with a CVSS score of 10, lies in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users [2]. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.\n\nThe list of all vulnerabilities could be found in the [vendor's website](https://sec.cloudapps.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-sir#~Vulnerabilities).\n\n# Affected Products\n\nThe vulnerability **CVE-2024-20401** affects Cisco Secure Email Gateway if it is running a vulnerable release of Cisco AsyncOS (version prior to `15.5.1-055`) and both of the following conditions are met:\n\n- Either the file analysis feature, which is part of Cisco Advanced Malware Protection (AMP), or the content filter feature is enabled and assigned to an incoming mail policy\n- The Content Scanner Tools version is earlier than 23.3.0.4823\n\nThe vulnerability **CVE-2024-20419** affects Cisco SSM On-Prem and Cisco Smart Software Manager Satellite (SSM Satellite) version `8-202206` and earlier. \n\n_Note: Cisco SSM On-Prem and Cisco SSM Satellite are the same product. For releases earlier than Release 7.0, this product was called Cisco SSM Satellite. As of Release 7.0, this product is called Cisco SSM On-Prem._\n\n# Recommendations\n\nCERT-EU strongly recommends updating affected products as soon as possible to mitigate these vulnerabilities, prioritising Internet facing and business critical devices.\n\n# References\n\n[1] <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH>\n\n[2] <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>18/07/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On July 17, 2024, Cisco issued several security advisories addressing critical and high severity vulnerabilities in its products. It is strongly recommended applying update on affected devices as soon as possible, prioritising internet facing and business critical devices.</p><h2 id=\"technical-details\">Technical Details</h2><p>The critical vulnerability <strong>CVE-2024-20401</strong>, with a CVSS score of 9.8, is an arbitrary file write flaw [1]. It affects the content scanning and message filtering features of Cisco Secure Email Gateway and is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.</p><p>The critical vulnerability <strong>CVE-2024-20419</strong>, with a CVSS score of 10, lies in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users [2]. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.</p><p>The list of all vulnerabilities could be found in the <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-sir#~Vulnerabilities\">vendor's website</a>.</p><h2 id=\"affected-products\">Affected Products</h2><p>The vulnerability <strong>CVE-2024-20401</strong> affects Cisco Secure Email Gateway if it is running a vulnerable release of Cisco AsyncOS (version prior to <code>15.5.1-055</code>) and both of the following conditions are met:</p><ul><li>Either the file analysis feature, which is part of Cisco Advanced Malware Protection (AMP), or the content filter feature is enabled and assigned to an incoming mail policy</li><li>The Content Scanner Tools version is earlier than 23.3.0.4823</li></ul><p>The vulnerability <strong>CVE-2024-20419</strong> affects Cisco SSM On-Prem and Cisco Smart Software Manager Satellite (SSM Satellite) version <code>8-202206</code> and earlier. </p><p><em>Note: Cisco SSM On-Prem and Cisco SSM Satellite are the same product. For releases earlier than Release 7.0, this product was called Cisco SSM Satellite. As of Release 7.0, this product is called Cisco SSM On-Prem.</em></p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating affected products as soon as possible to mitigate these vulnerabilities, prioritising Internet facing and business critical devices.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH\">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy\">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}