Cisco Secure Email Gateway Server-Side Template Injection Vulnerability

A critical vulnerability in Cisco AsyncOS for Secure Email Gateway allows authenticated, remote attackers to execute arbitrary system commands with root privileges via crafted HTTP requests targeting the web-based management interface. The vulnerability stems from insufficient input validation. Exploitation requires valid Operator credentials. Cisco has released software updates to address the issue. There are no available workarounds. The advisory is available at the provided link. The security impact rating is Medium. The vulnerability is assigned CVE-2024-20429.