Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202512-00000009
[Content Description]
AsyncOS is the operating system Cisco designed specifically for Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager. It handles large volumes of email and network traffic and provides advanced email security. Cisco has issued a major security bulletin disclosing a critical vulnerability in AsyncOS (CVE-2025-20393, CVSS: 10.0). The vulnerability allows attackers to execute arbitrary commands with root privileges on the underlying system of affected devices, and it has already been observed in use in attack activity. For detailed solutions, please see the Cisco website.
[Affected Platforms]
All versions of Cisco AsyncOS software are affected by this attack.
[Recommended Actions]
Remediate according to the solutions released on the official website:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
[References]
https://www.twcert.org.tw/tw/cp-169-10583-fb9f4-1.html