
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


HGiga iSherlock - Command Injection

TVN ID TVN-202307010
CVE ID CVE-2023-37292
CVSS 9.8 (Critical)
Affected Products HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock)
iSherlock 4.5: iSherlock-user < 4.5-174
iSherlock 5.5: iSherlock-user < 5.5-174
Description The personalized configuration interface of HGiga iSherlock has an insufficient-filtering vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary system commands, allowing them to perform arbitrary system operations or disrupt service.
Solution Update iSherlock-user to version 4.5-174 (MSR45) or 5.5-174 (MSR55), or a later version.
Credit Cyku (DEVCORE)
Public Date 2023-09-19