CVE-2024-7209
CVE-2024-7209

6.5MEDIUM

Key Information:

Vendor: Netwin
Status: Netwin; Fastmail
Vendor: CVE Published:; 30 July 2024

Badges

📰 News Worthy

What is CVE-2024-7209?

A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender.

Affected Version(s)

Fastmail Current

NetWin Current

News Articles

CybersecurityNews

CVE-2024-7208 CVE-2024-7209

Multiple SMTP Servers Vulnerable to Spoofing Attacks, Hackers Bypassing Authentication

A recent discovery has unveiled vulnerabilities in multiple hosted, outbound SMTP servers, allowing authenticated users.

References

https://kb.cert.org/vuls/id/244112

https://www.kb.cert.org/vuls/id/244112

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by CybersecurityNews
Aug 1, 2024
Vulnerability published
Jul 30, 2024

Netwin

Badges

What is CVE-2024-7209?

Affected Version(s)

News Articles

Multiple SMTP Servers Vulnerable to Spoofing Attacks, Hackers Bypassing Authentication

References

CVSS V3.1

Timeline