#VU72309 Input validation error in Cisco Email Security Appliance and Cisco Secure Email and Web Manager - CVE-2023-20009

Cybersecurity Help s.r.o.

Published: 2023-02-15

Vulnerability identifier: #VU72309

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20009

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Email Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers
Cisco Secure Email and Web Manager
Server applications / Other server solutions

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of an uploaded Simple Network Management Protocol (SNMP) configuration file. A remote attacker can upload a specially crafted SNMP configuration file and execute arbitrary code as root.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Email Security Appliance: before 12.5.4-041

Cisco Secure Email and Web Manager: before 12.8.1-021

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd29901
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd29905

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco Email Security Appliance and Cisco Secure Email and Web Manager