Cisco Secure Email Gateway
cpe:2.3:a:cisco:secure_email_gateway:*:*:*:*:*:*:*
This vulnerability is being actively exploited in the wild.
A vulnerability in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, both physical and virtual, has been identified. This vulnerability allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of affected appliances. The issue arises from improper input validation and affects all releases of Cisco AsyncOS Software. The vulnerability is exploitable when the Spam Quarantine feature is enabled and exposed to the internet.
Exploitation of this vulnerability allows for unauthorized execution of commands with root privileges, potentially leading to a complete compromise of the affected appliance's operating system.
Cisco recommends upgrading to the latest version of Cisco AsyncOS Software. For Cisco Secure Email Gateway, separate mail and management functionality onto different network interfaces to reduce the risk of unauthorized access. For Cisco Secure Email and Web Manager, ensure that the Spam Quarantine feature is not exposed to the internet. If an appliance has been compromised, rebuilding it is currently the only way to remove the threat actor's persistence mechanism.