Severity Level: Critical
Title:
Security Updates – Cisco Products
Timestamp:
Monday July 22, 2024
Summary:
This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device.
A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.
Affected System:
.png)
This vulnerability affects Cisco Secure Email Gateway if it is running a vulnerable release of Cisco AsyncOS and both of the following conditions are met:
o Either the file analysis feature, which is part of Cisco Advanced Malware Protection (AMP), or the content filter feature is enabled and assigned to an incoming mail policy
o The Content Scanner Tools version is earlier than 23.3.0.4823
Fixed Version:
• Content Scanner Tools version 23.3.0.4823 and later.
Recommendations:
applying the security updates recently released by Cisco
References:
For references :
Click here