CVE-2024-20401 - Vulnerability Details

Vendors	Products
Cisco	Secure Email Gateway

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:cisco:secure_email_gateway::::::::

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20401", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.660Z", "datePublished": "2024-07-17T16:26:38.305Z", "dateUpdated": "2024-08-01T21:59:42.233Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-07-17T16:26:38.305Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.\r\n\r This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.\r\n\r Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition."}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Email", "versions": [{"version": "N/A", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Absolute Path Traversal", "type": "cwe", "cweId": "CWE-36"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH", "name": "cisco-sa-esa-afw-bGG2UsjH"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-esa-afw-bGG2UsjH", "discovery": "EXTERNAL", "defects": ["CSCwj53998"]}}, "adp": [{"affected": [{"vendor": "cisco", "product": "secure_email", "cpes": ["cpe:2.3:a:cisco:secure_email:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "15.5.1-055", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-20401"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T03:55:39.066Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.233Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH", "name": "cisco-sa-esa-afw-bGG2UsjH", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH", "name": "cisco-sa-esa-afw-bGG2UsjH", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.233Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20401", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-17T16:55:47.665404Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:secure_email:-:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "secure_email", "versions": [{"status": "affected", "version": "0", "lessThan": "15.5.1-055", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T17:08:14.711Z"}}], "cna": {"source": {"defects": ["CSCwj53998"], "advisory": "cisco-sa-esa-afw-bGG2UsjH", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Email", "versions": [{"status": "affected", "version": "N/A"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH", "name": "cisco-sa-esa-afw-bGG2UsjH"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.\r\n\r This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.\r\n\r Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-36", "description": "Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-07-17T16:26:38.305Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20401", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:42.233Z", "dateReserved": "2023-11-08T15:08:07.660Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-07-17T16:26:38.305Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_email_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "663666F4-9946-4E3F-B098-A3B8FB2A3365", "versionEndExcluding": "15.5.1-055", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.\r\n\r This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.\r\n\r Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition."}, {"lang": "es", "value": "Una vulnerabilidad en las funciones de escaneo de contenido y filtrado de mensajes de Cisco Secure Email Gateway podr\u00eda permitir que un atacante remoto no autenticado sobrescriba archivos arbitrarios en el sistema operativo subyacente. Esta vulnerabilidad se debe al manejo inadecuado de los archivos adjuntos de correo electr\u00f3nico cuando el an\u00e1lisis de archivos y los filtros de contenido est\u00e1n habilitados. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un correo electr\u00f3nico que contenga un archivo adjunto manipulado a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante reemplazar cualquier archivo en el sistema de archivos subyacente. Luego, el atacante podr\u00eda realizar cualquiera de las siguientes acciones: agregar usuarios con privilegios de root, modificar la configuraci\u00f3n del dispositivo, ejecutar c\u00f3digo arbitrario o provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) permanente en el dispositivo afectado. Nota: Se requiere intervenci\u00f3n manual para recuperarse de la condici\u00f3n DoS. Se recomienda a los clientes que se comuniquen con el Centro de asistencia t\u00e9cnica de Cisco (TAC) para ayudar a recuperar un dispositivo en esta condici\u00f3n."}], "id": "CVE-2024-20401", "lastModified": "2025-07-31T17:06:38.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@cisco.com", "type": "Secondary"}]}, "published": "2024-07-17T17:15:13.540", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "psirt@cisco.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object