PT-2020-15585 · Argosoft · Argosoft Mail Server Pro

V1N1V131R4 · Published 2020-09-11 · Updated 2020-09-18 · CVE-2020-23824

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ArGo Soft Mail Server version 1.8.8.9

Description

The issue allows for Cross-Site Request Forgery (CSRF) that can lead to remote arbitrary code execution. It is specifically related to the Administration dashboard component. When an administrator or a user with admin credentials opens a malicious webpage, the page can trigger the CSRF, potentially allowing unauthorized actions.

Recommendations

For ArGo Soft Mail Server version 1.8.8.9, consider restricting access to the Administration dashboard until a fix is available. As a temporary workaround, avoid opening potentially malicious websites while signed in with admin/user credentials, to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-23824

Affected Products

Argosoft Mail Server Pro