Lucene search

TwcertVULNRICHMENT:CVE-2024-6744

HistoryJul 15, 2024 - 6:32 a.m.

CVE-2024-6744

2024-07-1506:32:21

CWE-121

twcert

github.com

smtp listener

validation vulnerability

cellopoint secure email gateway

buffer overflow

remote attacker

arbitrary commands

cve-2024-6744

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:cellopoint:secure_email_gateway:*:*:*:*:*:*:*:*"
    ],
    "vendor": "cellopoint",
    "product": "secure_email_gateway",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.5.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.twcert.org.tw/en/cp-139-7937-acbb5-2.html

www.twcert.org.tw/tw/cp-132-7936-f6381-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6744