Email Attachment Filtering Vulnerability
CVE-2024-6048
9.8 CRITICAL
Summary
The vulnerability in Openfind's MailGates and MailAudit arises from inadequate input filtering when processing user-provided email attachments. This oversight allows unauthenticated remote attackers to inject malicious system commands. Successful exploitation could let an attacker execute arbitrary commands on the server where these products operate, potentially leading to widespread system compromise and data breaches.
Affected Version(s)
MailAudit 5.0 earlier
MailAudit 6.0 earlier
MailGates 5.0 earlier
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved