A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
The vulnerability results from insufficient HTTP request validation by the Spam Quarantine module. The attacker sends a crafted HTTP request to the vulnerable device without the need for authentication. A properly prepared payload causes arbitrary commands to be executed at the operating system level with root privileges.
The attacker gains full control of the device with root privileges, allowing data reading and modification, malicious software installation, and lateral movement across the organization's network.
Patches available from the vendor must be applied immediately in accordance with the official Cisco security advisory (cisco-sa-sma-attack-N9bf4). Until the fix is deployed, it is recommended to restrict access to the Spam Quarantine interface only to trusted IP addresses at the firewall level and monitor devices for unauthorized activity.
Cisco Secure Email Gateway C695, Cisco Secure Email and Web Manager M380, Cisco Secure Email and Web Manager M695, Cisco Secure Email and Web Manager Virtual Appliance M100V, Cisco Secure Email and Web Manager Virtual Appliance M600V — running Cisco AsyncOS software with the Spam Quarantine function enabled; specific versions indicated in the vendor's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HCisco Asyncos
OSCisco< 15.0.5-01615.5 – 15.5.4-012 (bez)16.0 – 16.0.4-016 (bez)< 15.0.2-00715.5 – 15.5.4-007 (bez)16.0 – 16.0.4-010 (bez)Cisco Secure Email And Web Manager M170
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M190
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M195
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M380
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M390
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M390x
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M395
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M680
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M690
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M690x
HWCiscowszystkie wersjeCisco Secure Email And Web Manager M695
HWCiscowszystkie wersjeCisco Secure Email And Web Manager Virtual Appliance M100v
APPCiscowszystkie wersjeCisco Secure Email And Web Manager Virtual Appliance M300v
APPCiscowszystkie wersjeCisco Secure Email And Web Manager Virtual Appliance M600v
APPCiscowszystkie wersjeCisco Secure Email Gateway C195
HWCiscowszystkie wersjeCisco Secure Email Gateway C395
HWCiscowszystkie wersjeCisco Secure Email Gateway C695
HWCiscowszystkie wersjeCisco Secure Email Gateway Virtual Appliance C100v
APPCiscowszystkie wersjeCisco Secure Email Gateway Virtual Appliance C300v
APPCiscowszystkie wersjeCisco Secure Email Gateway Virtual Appliance C600v
APPCiscowszystkie wersje
CISA KEV — detailsi
- Vendori
- Cisco ↗
- Producti
- Multiple Products
- Added to KEVi
- December 17, 2025
- Remediation deadline (US Federal)i
- December 24, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.
Related vulnerabilities
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attac...
A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco...
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (...
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an un...
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for ...