Email Gateway Bug Lets Hackers Take Over as Admin
CVE-2024-9043

9.8CRITICAL

Key Information:

Vendor: Cellopoint
Status: Secure Email Gateway
Vendor: CVE Published:; 20 September 2024

What is CVE-2024-9043?

The Secure Email Gateway from Cellopoint is susceptible to a buffer overflow vulnerability that arises during the authentication process. This loophole permits remote, unauthenticated attackers to send specially crafted packets to the system, leading to a crash of the authentication process. Such exploitation allows attackers to bypass normal authentication mechanisms and gain unauthorized access, effectively granting them system administrator privileges. Organizations leveraging this product should assess their security posture and apply necessary remediations to thwart potential threats.

Affected Version(s)

Secure Email Gateway 4.2.1 <= 4.5.0

References

https://www.twcert.org.tw/tw/cp-132-8102-b94a9-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2024
Vulnerability Reserved
Sep 20, 2024

CVE-2024-9043 Data

JSON