Published On: Aug 16, 2024 18:36
Advisory No: TZCERT-SA-24-0007
Source: Cisco Secure Email Gateway, Cisco Smart Software Manager On-Prem
Software Affected: Cisco Secure Email Gateway, Cisco Smart Software Manager On-Prem
Two Cisco products are affected by critical vulnerabilities. The vulnerabilities could allow an attacker to execute arbitrary code or cause a permanent denial of service (DoS) condition on the affected device.
Cisco Secure Email Gateway and Cisco Smart Software Manager On-Prem are affected by two critical vulnerabilities tracked as CVE-2024-20401 and CVE-2024-20419, with base scores of 9.8 and 10 respectively. The vulnerabilities result from improper handling of email attachments when file analysis and content filters are enabled, and from improper implementation of the password-change process, respectively. They allow an unauthenticated, remote attacker to modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.
Successful exploitation of these vulnerabilities may allow an unauthenticated, remote attacker to take control of the affected system or cause a denial of service condition.
Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.