CVE-2024-20401

Name of the Vulnerable Software and Affected Versions: Cisco Secure Email Gateway (affected versions not specified)

Description: A vulnerability in the content scanning and message filtering features could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this by sending an email with a crafted attachment through an affected device, potentially allowing them to replace any file on the underlying file system, add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition. Manual intervention is required to recover from the DoS condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.