
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


Softnext Mail SQR Expert and Mail Archiving Expert - OS Command Injection

TVN ID: TVN-202407011
CVE ID: CVE-2024-5670
CVSS: 9.8 (Critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
- SN OS 12.1 version 230921 and earlier
- SN OS 12.3 version 230921 and earlier
- SN OS 10.3 version 230630 and earlier

Description: The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert, do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.

Solution:
- Update SN OS 12.1 to version 230922 or later
- Update SN OS 12.3 to version 230922 or later
- Update SN OS 10.3 to version 230631 or later

For affected products running on FreeBSD 9.x, updates will not be supported. Please upgrade the operating system version first.

Credit: Cyku Hong (DEVCORE)
Public Date: 2024-07-29