Remote Code Execution Vulnerability in Symantec Messaging Gateway
CVE-2024-23615

10CRITICAL

Key Information:

Vendor: Symantec
Status: Messaging Gateway
Vendor: CVE Published:; 26 January 2024

What is CVE-2024-23615?

A buffer overflow vulnerability has been identified in Symantec Messaging Gateway, specifically in versions 10.5 and earlier. This flaw allows a remote and anonymous attacker to exploit the vulnerability, potentially leading to remote code execution with root privileges. Organizations utilizing affected versions of Symantec Messaging Gateway should prioritize implementing security updates and patching procedures to guard against potential attacks leveraging this vulnerability. Awareness and proactive measures are essential in securing systems against remote exploitation risks.

Affected Version(s)

Messaging Gateway Linux 0 <= 10.5

References

https://blog.exodusintel.com/2024/01/25/symantec-messagin...

third-party-advisory

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2024
Vulnerability Reserved
Jan 18, 2024

Credit

Exodus Intelligence