PT-2024-24321 · Unknown · Mailcleaner
Michael Imfeld
+1
·
Published
2024-04-28
·
Updated
2025-03-21
·
CVE-2024-3196
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MailCleaner versions up to 2023.03.14
Description
A critical issue has been found in MailCleaner, affecting the SOAP Service component. The vulnerability leads to os command injection, which can be exploited with local access. The affected function includes getStats, Services silentDump, Services stopStartMTA, Config saveDateTime, Config hostid, Logs StartGetStat, and dumpConfiguration. An exploit for this issue has been disclosed publicly.
Recommendations
For MailCleaner versions up to 2023.03.14, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the SOAP Service component until a patch is available. Avoid using the affected functions, such as getStats, until the issue is resolved.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailcleaner