Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities

CVE numbers CVE-2025-20184 and CVE-2025-20185

Multiple vulnerabilities in Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an attacker to execute arbitrary commands locally or remotely.

Cisco has released software updates that address these vulnerabilities.

There are no workarounds that address these vulnerabilities.

At the time of publication, CVE-2025-20184 affected both virtual and hardware appliances of the following Cisco products:

  • Secure Email Gateway
  • Secure Web Appliance

At the time of publication, CVE-2025-20185 affected both virtual and hardware appliances of the following Cisco products:

  • Secure Email and Web Manager
  • Secure Email Gateway
  • Secure Web Appliance

CVE-2024-20184: Cisco Secure Email Gateway and Cisco Secure Web Appliance Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCwk70559, CSCwk70576, CSCwk98506
CVE ID: CVE-2024-20184
Security Impact Rating (SIR): Medium
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVE-2024-20185: Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system.

Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCwk70590, CSCwk70547, CSCwk70574
CVE ID: CVE-2024-20185
Security Impact Rating (SIR): Medium
CVSS Base Score: 3.1
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Further information at – https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.