
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


EasyUse MailHunter Ultimate - Deserialization of Untrusted Data

TVN ID: TVN-202207007
CVE ID: CVE-2022-35223
CVSS: 9.8 (Critical)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: EasyUse MailHunter Ultimate <= 2020
Description: EasyUse MailHunter Ultimate's cookie deserialization function does not adequately validate its input. Deserializing a cookie that contains a malicious payload triggers this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or interrupt service.
Solution: Contact EasyUse technical support.
Credit: Xin-Yue, Song (CHT Security)
Public Date: 2022-07-29
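The class of flaw described above is closed when a cookie is authenticated before it is parsed and is parsed only as plain data. The following is an added illustration of that check, not EasyUse's code: the advisory does not state the product's language or cookie format, so the key, field schema and function names are all assumptions.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
MAX_COOKIE_LEN = 4096
# Hypothetical schema: the only fields and types the application expects.
ALLOWED_FIELDS = {"user": str, "lang": str, "page_size": int}


class CookieRejected(ValueError):
    """Raised for any cookie that fails validation."""


def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest().encode()


def issue_cookie(state: dict) -> str:
    # JSON carries data only; it cannot name a type or constructor to instantiate.
    body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    return body.decode() + "." + _sign(body).decode()


def load_cookie(cookie: str) -> dict:
    if len(cookie) > MAX_COOKIE_LEN or cookie.count(".") != 1:
        raise CookieRejected("malformed cookie")
    body, tag = cookie.split(".")
    # Authenticate first: unauthenticated bytes never reach a parser.
    if not hmac.compare_digest(_sign(body.encode()), tag.encode()):
        raise CookieRejected("bad signature")
    try:
        state = json.loads(base64.urlsafe_b64decode(body.encode()))
    except ValueError as exc:
        raise CookieRejected("undecodable body") from exc
    # Validate shape after parsing: known fields, exact types.
    if not isinstance(state, dict) or set(state) - set(ALLOWED_FIELDS):
        raise CookieRejected("unexpected fields")
    for name, value in state.items():
        if type(value) is not ALLOWED_FIELDS[name]:
            raise CookieRejected("wrong type for " + name)
    return state
```
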