CVE-2024-6744

{"id": "CVE-2024-6744", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-15T07:15:25.573", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7937-acbb5-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7936-f6381-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server."}, {"lang": "es", "value": "El detector SMTP de Secure Email Gateway de Cellopoint no valida correctamente la entrada del usuario, lo que genera una vulnerabilidad de desbordamiento del b\u00fafer. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios del sistema en el servidor remoto."}], "lastModified": "2024-07-16T18:06:51.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cellopoint:secure_email_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E822200-5CA2-4BCF-B9E8-5E0DD3B93D30", "versionEndExcluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}