PT-2018-17450 · Kaspersky · Kaspersky Secure Mail Gateway

Published

2018-02-01

Updated

2018-02-23

CVE-2018-6289

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kaspersky Secure Mail Gateway version 1.1

Description The issue is related to configuration file injection, which can lead to code execution as root.

Recommendations For Kaspersky Secure Mail Gateway version 1.1, update to a version that fixes the configuration file injection issue to prevent code execution as root.

Exploit

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2018-6289

Affected Products

Kaspersky Secure Mail Gateway

PT-2018-17450 · Kaspersky · Kaspersky Secure Mail Gateway

CVE-2018-6289

Weakness Enumeration

Related Identifiers

Affected Products

References · 4