CVE-2020-24045

Name of the Vulnerable Software and Affected Versions TitanHQ SpamTitan Gateway version 7.07

Description A sandbox escape issue was discovered, allowing an attacker to bypass the restricted shell by presenting a fake vmware-tools ISO image to the guest virtual machine. This ISO image must contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The script will be executed with super-user privileges when the option to install VMware Tools is selected in the main menu of the restricted shell. The script's contents can be customized by the attacker, potentially leading to the installation of a backdoor or similar malicious software.

Recommendations For TitanHQ SpamTitan Gateway version 7.07, as a temporary workaround, consider disabling the option to install VMware Tools in the restricted shell to prevent the execution of the vulnerable script until a patch is available. Restrict access to the vmware-install.pl script to minimize the risk of exploitation.