Cyber Resilience

CVE-2024-20401

Critical

Published: 17 July 2024
Modified: 31 July 2025
KEV Added: not listed (not in the CISA KEV catalog)
CVSS Score (v3.1): 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0766 (92.1st percentile)
Risk Priority: 24 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-20401 is a critical-severity Absolute Path Traversal (CWE-36) vulnerability in Cisco Secure Email Gateway. Its CVSS base score is 9.8 (Critical).

Its EPSS score places it in the top 7.9% of CVEs by predicted exploit likelihood, but it is not currently listed in the CISA KEV catalog.

Deeper analysis

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway allows an unauthenticated remote attacker to overwrite arbitrary files on the underlying operating system. The issue stems from improper handling of email attachments when file analysis and content filters are enabled, and it is tracked under CWE-36 with a CVSS 3.1 score of 9.8.

An attacker can exploit the flaw simply by sending a crafted email attachment through an affected device. Successful exploitation permits replacement of any file on the file system, enabling actions such as adding root-privileged users, altering device configuration, executing arbitrary code, or inducing a permanent denial-of-service condition that requires manual recovery via Cisco TAC.

The Cisco Security Advisory cisco-sa-esa-afw-bGG2UsjH details mitigation steps and is available at the vendor's security center.

EPSS for this CVE climbed to a peak of 0.1391 before receding to the current score of 0.0766, consistent with a period of heightened exploitation interest after disclosure.

EU & UK References

Vulnerability details

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Cisco Secure Email Gateway, versions ≤ 15.5.1-055

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References