CVE-2024-9043

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privileges.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8102-b94a9-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cellopoint:secure_email_gateway:*:*:*:*:*:*:*:*

History

25 Sep 2024, 17:54

Type	Values Removed	Values Added
First Time		Cellopoint secure Email Gateway Cellopoint
CWE		CWE-787
Summary		(es) Secure Email Gateway de Cellopoint tiene una vulnerabilidad de desbordamiento de búfer en el proceso de autenticación. Los atacantes remotos no autenticados pueden enviar paquetes manipulados para bloquear el proceso, eludiendo así la autenticación y obteniendo privilegios de administrador del sistema.
References	~~() https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html -~~	() https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html - Third Party Advisory
References	~~() https://www.twcert.org.tw/tw/cp-132-8102-b94a9-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-8102-b94a9-1.html - Third Party Advisory
CPE		cpe:2.3:a:cellopoint:secure_email_gateway::::::::

20 Sep 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-20 11:15

Updated : 2024-09-25 17:54

NVD link : CVE-2024-9043

Mitre link : CVE-2024-9043

CVE.ORG link : CVE-2024-9043

JSON object : View

Products Affected

cellopoint

secure_email_gateway

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

9.8 /10