A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was disclosed by Michael Imfeld and Pascal Zenker with modzero AG as MZ-24-01 as confirmed advisory (Website). The advisory is shared for download at modzero.com. This vulnerability was named CVE-2024-3196. The exploitation appears to be easy. The attack needs to be approached locally. Additional levels of successful authentication are required for exploitation. Technical details and also a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1202.

It is possible to download the exploit at modzero.com. It is declared as proof-of-concept.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.

The entries VDB-262307, VDB-262308, VDB-262309 and VDB-262310 are pretty similar.

Productinfo

Name

• MailCleaner

Version

• 2023.03.0
• 2023.03.1
• 2023.03.2
• 2023.03.3
• 2023.03.4
• 2023.03.5
• 2023.03.6
• 2023.03.7
• 2023.03.8
• 2023.03.9
• 2023.03.10
• 2023.03.11
• 2023.03.12
• 2023.03.13
• 2023.03.14

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion