National Cyber Warfare Foundation (NCWF) Forums


Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code
0 user ratings		2024-07-15 11:31:32
milo
Red Team (CNA)
 - archive -- 

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as CVE-2024-6744. This flaw assigned a CVSS score of 9.8, poses a severe risk to organizations using this email security solution. CVE-2024-6744: A Critical Vulnerability According to the Twcert report, the vulnerability resides in the Secure Email Gateway’s SMTP Listener component, specifically […]


The post Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as CVE-2024-6744.





This flaw assigned a CVSS score of 9.8, poses a severe risk to organizations using this email security solution.





CVE-2024-6744: A Critical Vulnerability





According to the Twcert report, the vulnerability resides in the Secure Email Gateway’s SMTP Listener component, specifically in versions before 4.5.0. The flaw stems from improper user input validation, leading to a buffer overflow condition.





This weakness allows an unauthenticated, remote attacker to execute arbitrary system commands on the affected server, potentially compromising the entire email infrastructure.





Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files





Technical Details





CVE IDCVSS ScoreVectorAffected Products
CVE-2024-67449.8 (Critical)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSecure Email Gateway before version 4.5.0




Cellopoint has responded promptly to this critical issue by releasing a patch, Build_20240529, which addresses the vulnerability.





All organizations using the affected versions of Secure Email Gateway must install this patch immediately to mitigate the risk of exploitation.





The discovery of CVE-2024-6744 highlights the ongoing challenges in securing email gateways, which are critical components of enterprise communication infrastructure.





An attacker’s ability to execute arbitrary code remotely without authentication underscores the importance of regular security updates and vigilant monitoring. Cellopoint has been credited with identifying and addressing this vulnerability.





The public disclosure of this flaw on July 15, 2024, aims to ensure that all affected users are aware and can take necessary action to protect their systems.





"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo


The post Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/cellopoint-secure-email-gateway-flaw/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Red Team (CNA)


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.