Remote Code Execution in Roundcube Webmail Due to Improper Configuration of Sendmail
CVE-2016-9920

7.5HIGH

Key Information:

Vendor

Roundcube

Status
Webmail
Vendor
CVE Published:
8 December 2016

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 38%

What is CVE-2016-9920?

In Roundcube Webmail versions prior to 1.1.7 and 1.2.x before 1.2.3, there exists a vulnerability that arises when the sendmail program is enabled and no SMTP server is configured. This flaw allows remote authenticated users to exploit the use of custom envelope-from addresses on the sendmail command line. By crafting a malicious HTTP request that sends an email with specific parameters, an attacker can execute arbitrary code on the server, potentially compromising the system's security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

exploit-CVE-2016-9920
Created by t0kx

References

https://blog.ripstech.com/2016/roundcube-command-executio...
x_refsource_MISC
http://www.securityfocus.com/bid/94858
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2016/12/08/10
mailing-listx_refsource_MLIST

EPSS Score

38% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.