Authentication Bypass Vulnerability in Axigen Mail Server
CVE-2020-26942
9.1 CRITICAL
What is CVE-2020-26942?
A vulnerability in Axigen Mail Server versions 10.3.x and 10.3.2.x prior to specified updates permits unauthenticated attackers to execute a setAdminPassword operation request. This flaw enables attackers to reset the admin account password to an arbitrary value, potentially compromising the integrity of the server and allowing full unauthorized access to sensitive configurations and data.
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved