Local Privilege Escalation Vulnerability in Axigen Mail Server for Windows
CVE-2024-28589

Currently unrated

Key Information:

Vendor: Axigen
Vendor: CVE Published:; 3 April 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-28589?

An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-28589
Created by Alaatk

References

https://www.axigen.com/knowledgebase/Local-Privilege-Esca...

Timeline

🟡
Public PoC available
Apr 4, 2024
👾
Exploit known to exist
Apr 4, 2024
Vulnerability published
Apr 3, 2024