Critical MailCleaner Vulnerabilities Let Attackers Execute Arbitrary Commands
- From: Vulnerability (cybersecuritynews.com)
Author: Tushar Subhra Dutta
Critical vulnerabilities in MailCleaner versions before 2023.03.14 allow remote attackers to take complete control of the appliance. The attack paths are malicious emails, administrator interaction with attacker-controlled sites or links, and exploitation of SOAP endpoints; a successful attack compromises the confidentiality and integrity of the MailCleaner system and of every email it processes.
Authenticated attackers with administrative privileges can go further, executing arbitrary commands or manipulating files on the system. The risk is greatest in cluster deployments, where compromising a single machine gives the attacker control of every cluster member.
A critical OS command injection flaw in MailCleaner's email-cleaning cron job lets a remote attacker gain root by sending a crafted email: the job passes attacker-controlled data from the message to the shell, so arbitrary commands run with root privileges and the system is fully compromised.
An unauthenticated attacker can also exploit a stored XSS vulnerability in the admin dashboard by sending a malicious email. The injected JavaScript runs in the administrator's browser session, enabling session hijacking, data theft, or unauthorized actions performed as the admin.
Because the script executes with the administrator's session, this XSS can be chained with other vulnerabilities to reach OS command injection, which significantly amplifies the attack potential.
A critical command injection vulnerability in administrator endpoints gives attackers root access. Exploiting it requires either compromised administrator credentials or social engineering that tricks an administrator into visiting a malicious URL; once that hurdle is cleared, successful exploitation means complete system compromise.
Two further vulnerabilities at unspecified endpoints allow attackers to inject malicious JavaScript via crafted links; when the victim clicks such a link, the script runs in their browser session, enabling session hijacking, data theft, or unauthorized actions under the victim's identity.
These are reflected cross-site scripting (XSS) flaws: user-supplied data is echoed back in the response without being sanitized or output-encoded.
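Both the stored XSS in the admin dashboard and the reflected XSS in the crafted links come down to the same defect: attacker-controlled text is written into HTML without encoding for the context it lands in. The following is an added illustration, not MailCleaner's own code or the researchers' proof of concept; the dashboard row and search form it renders are hypothetical, and the two payloads are constructed sample inputs. It shows the vulnerable rendering beside the encoded form for HTML body, attribute and inline-script contexts, since each context needs a different escape set.

```python
import html
import json

# Constructed attacker-controlled values, labelled by where they come from.
# STORED_SUBJECT stands in for a Subject header that a malicious email plants
# in the quarantine and that an admin dashboard later lists (stored XSS).
# REFLECTED_QUERY stands in for a parameter in a crafted link that the page
# echoes straight back into the response (reflected XSS).
STORED_SUBJECT = '<img src=x onerror="alert(document.cookie)">'
REFLECTED_QUERY = '"><script>alert(1)</script>'


def render_row_unsafe(subject: str) -> str:
    """Vulnerable: raw header text dropped into HTML body context. The <img>
    tag is parsed as markup and its onerror handler runs in the admin's
    session, which is what makes a later chain against admin endpoints work."""
    return f"<tr><td>{subject}</td></tr>"


def render_row_safe(subject: str) -> str:
    """Hardened: entity-encode for HTML body context. The browser renders the
    literal characters and never sees a tag."""
    return f"<tr><td>{html.escape(subject, quote=True)}</td></tr>"


def render_search_unsafe(query: str) -> str:
    """Vulnerable: the echoed value sits inside a quoted attribute, so a
    leading '">' closes the attribute and the tag and starts a new element."""
    return f'<input name="q" value="{query}">'


def render_search_safe(query: str) -> str:
    """Hardened: attribute context needs the quotes encoded as well, which
    html.escape(quote=True) does alongside < > &."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


def js_string_literal(value: str) -> str:
    """For a value embedded inside an inline <script>, JSON-encode it and then
    hex-escape < > & so that a '</script>' inside the data cannot terminate
    the script block. json.dumps alone leaves '<' untouched."""
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def js_round_trips(value: str) -> bool:
    """Check that the extra escaping did not change the decoded value."""
    return json.loads(js_string_literal(value)) == value


if __name__ == "__main__":
    print(render_row_unsafe(STORED_SUBJECT))
    print(render_row_safe(STORED_SUBJECT))
    print(render_search_unsafe(REFLECTED_QUERY))
    print(render_search_safe(REFLECTED_QUERY))
    print(js_string_literal("</script><script>alert(1)</script>"))
```

The practical check when reviewing a template is to ask, for every interpolation point, which of the three contexts it sits in; a value that is correctly encoded for the body is still exploitable inside an attribute or a script block.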
Exploiting the command injection vulnerability in the getStats endpoint.
Unauthenticated SOAP endpoint vulnerabilities allow remote attackers to execute arbitrary commands as root: user-supplied data reaches OS commands with insufficient validation, so attackers can inject commands of their own.
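The cron-job flaw triggered by a crafted email, the command injection in administrator endpoints and the SOAP endpoint flaws are all the same bug class: an attacker-controlled string reaches a shell as syntax rather than as data. The following is an added illustration in Python, not MailCleaner's code (which is not shown on this page) and not the published exploit; the mail-processing command, the address regex and the two sample sender values are hypothetical and constructed, and the injected payload is a harmless `echo`. It shows the vulnerable string-building pattern, the partial fix of quoting, and the hardened form that validates the value and avoids the shell altogether.

```python
import re
import shlex
import subprocess

# Constructed test values. Whether the value arrives in a header of an
# inbound message (the cron-job case) or as a parameter of a SOAP or admin
# request (the endpoint cases), the defect is identical: it reaches a shell
# unfiltered. The ';' payload here only echoes a marker; a real attacker's
# command would run with the privileges of the job, i.e. root.
LEGIT_SENDER = "alice@example.org"
CRAFTED_SENDER = "alice@example.org; echo INJECTED"

# Deliberately tight allow-list for an address (hypothetical; tighten or
# loosen for the real field). Anything outside it is rejected rather than
# "cleaned", because stripping characters is where filters get bypassed.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def run_unsafe(untrusted: str) -> str:
    """Vulnerable pattern: the untrusted value is interpolated into a command
    string handed to /bin/sh. The ';' in CRAFTED_SENDER terminates the
    intended command and starts the attacker's."""
    cmd = f"echo quarantining mail from {untrusted}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(untrusted: str) -> str:
    """Partial mitigation: if a shell is unavoidable, shlex.quote() wraps the
    whole value in single quotes, so the ';' is printed back as data."""
    cmd = f"echo quarantining mail from {shlex.quote(untrusted)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(untrusted: str) -> str:
    """Hardened pattern: validate against the allow-list, then pass the value
    as a single argv element with no shell, so no shell parser ever sees it."""
    if not ADDRESS_RE.fullmatch(untrusted):
        raise ValueError(f"rejected address: {untrusted!r}")
    argv = ["echo", "quarantining mail from", untrusted]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print(run_unsafe(CRAFTED_SENDER))   # second output line reads INJECTED
    print(run_quoted(CRAFTED_SENDER))   # payload comes back as plain text
    print(run_safe(LEGIT_SENDER))
    try:
        run_safe(CRAFTED_SENDER)
    except ValueError as exc:
        print(exc)
```

When auditing a mail gateway or a SOAP handler for this class, grep for every place a request parameter or message header is concatenated into a string that ends up in `system()`, backticks, `popen` or a `shell=True` call; each one is a candidate for the same crafted-input test shown above.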
According to Modezero, in clustered environments, compromising a single member grants full access to all machines, further escalating system compromise.
Multiple critical and high-severity vulnerabilities have been identified in MailCleaner: an unauthenticated attacker can execute arbitrary commands on the system through email (CVE-2024-3191), inject malicious scripts (CVE-2024-3192, CVE-2024-3194), or trick a logged-in user into performing unintended actions (CVE-2024-3193).
Authenticated users can gain unauthorized access to files (CVE-2024-3195) and execute arbitrary commands on the system through local SOAP endpoints (CVE-2024-3196).