Remote Code Execution Vulnerability in Symantec Messaging Gateway
CVE-2024-23615

10CRITICAL

Key Information:

Vendor

Symantec

Vendor
CVE Published:
26 January 2024

What is CVE-2024-23615?

A buffer overflow vulnerability has been identified in Symantec Messaging Gateway, specifically in versions 10.5 and earlier. This flaw allows a remote and anonymous attacker to exploit the vulnerability, potentially leading to remote code execution with root privileges. Organizations utilizing affected versions of Symantec Messaging Gateway should prioritize implementing security updates and patching procedures to guard against potential attacks leveraging this vulnerability. Awareness and proactive measures are essential in securing systems against remote exploitation risks.

Affected Version(s)

Messaging Gateway Linux 0 <= 10.5

References

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Exodus Intelligence
.
CVE-2024-23615 : Remote Code Execution Vulnerability in Symantec Messaging Gateway