CVE-2024-3196

{"id": "CVE-2024-3196", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", "authentication": "MULTIPLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 2.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2024-04-29T07:15:08.740", "references": [{"url": "https://github.com/MailCleaner/MailCleaner/pull/601", "tags": ["Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.262312", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.262312", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://github.com/MailCleaner/MailCleaner/pull/601", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?ctiid.262312", "tags": ["Permissions Required", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.262312", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262312."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en MailCleaner hasta 2023.03.14. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration del componente SOAP Service. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-262312."}], "lastModified": "2025-04-11T14:46:45.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768", "versionEndIncluding": "2023.03.14"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}