CVE-2024-9043

{"id": "CVE-2024-9043", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-09-20T11:15:13.280", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-8102-b94a9-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privileges."}, {"lang": "es", "value": "Secure Email Gateway de Cellopoint tiene una vulnerabilidad de desbordamiento de b\u00fafer en el proceso de autenticaci\u00f3n. Los atacantes remotos no autenticados pueden enviar paquetes manipulados para bloquear el proceso, eludiendo as\u00ed la autenticaci\u00f3n y obteniendo privilegios de administrador del sistema."}], "lastModified": "2024-09-25T17:54:05.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cellopoint:secure_email_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B586F4B-F5B1-49C1-9ACD-1B4B1F6EB6D2", "versionEndIncluding": "4.5.0", "versionStartIncluding": "4.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}