PT-2024-22489 · Axigen · Axigen Mail Server
Alaa Kachouh +1 · Published 2024-04-03 · Updated 2024-08-01 · CVE-2024-28589
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Axigen Mail Server for Windows versions 10.5.18 and before
Description
An issue was discovered in Axigen Mail Server for Windows, allowing local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.
Recommendations
For versions 10.5.18 and before, update to a version later than 10.5.18 to resolve the issue. As a temporary workaround, consider restricting access to world-writable directories used by the Axigen Mail Server service to minimize the risk of exploitation.
Fix
Incorrect Permission
Affected Products
Axigen Mail Server