Cisco AsyncOS Command Injection Vulnerability in Secure Email Gateway and Web Appliance

Vulnerability

A command injection vulnerability has been identified in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance. It allows an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. The issue arises from insufficient validation of XML configuration files, and it can be exploited by uploading a crafted XML file. To exploit this vulnerability, an attacker must have valid administrator credentials.
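
The class of check whose absence is described above, as an added example: it is not Cisco code and does not reflect the AsyncOS configuration format. The element names, the flat schema and the helper path are hypothetical. An uploaded XML configuration is accepted only if every value matches a per-field allowlist, and an accepted value is passed to the operating system as a single argument rather than through a shell.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical flat schema: child element name -> pattern the whole value must match.
# The first character must be alphanumeric, so a value cannot look like an option.
SCHEMA = {
    "hostname": re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}"),
    "ntp_server": re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}"),
    "log_name": re.compile(r"[A-Za-z0-9][A-Za-z0-9_]{0,31}"),
}

def validate_config(xml_text):
    """Return (values, problems). The file is accepted only if problems is empty."""
    if "<!doctype" in xml_text.lower():
        return {}, ["DTD/entity declarations are not accepted"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {}, [f"not well-formed XML: {exc}"]
    values, problems = {}, []
    for child in root:
        text = (child.text or "").strip()
        if child.tag not in SCHEMA:            # default deny for unknown elements
            problems.append(f"{child.tag}: unknown element")
        elif len(child) or child.attrib:
            problems.append(f"{child.tag}: nested elements/attributes not allowed")
        elif not SCHEMA[child.tag].fullmatch(text):
            problems.append(f"{child.tag}: value rejected")
        else:
            values[child.tag] = text
    # Reject the whole file on any problem; never apply a partial configuration.
    return ({}, problems) if problems else (values, [])

def ntp_argv(values):
    """Build an argument vector; the value stays one argument and no shell parses it."""
    # /usr/local/bin/set-ntp is a placeholder for whatever helper applies the setting;
    # run it with subprocess.run(argv, shell=False, check=True).
    return ["/usr/local/bin/set-ntp", "--server", values["ntp_server"]]

# Constructed sample inputs.
GOOD = ("<config><hostname>gw1.example.net</hostname>"
        "<ntp_server>time.example.net</ntp_server></config>")
BAD = "<config><ntp_server>time.example.net; id</ntp_server><extra>1</extra></config>"

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        values, problems = validate_config(doc)
        print(name, "accepted" if not problems else problems)
```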

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the affected device's operating system with root privileges.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found in the Cisco Security Vulnerability Policy. For devices running Cisco Secure Email Cloud, which includes Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, Cisco provides regular maintenance and software upgrades. Customers can request an upgrade through the Cisco Technical Assistance Center (TAC).

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM