CVE-2020-12619 : MailMate before 1.11 automatically imported S/MIME certificates and thereby sile

MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.

Published 2020-08-20 23:15:11

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-12619

Freron » Mailmate
Versions before (<) 1.11
cpe:2.3:a:freron:mailmate:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-12619

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 29 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-12619

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2020-12619

https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf

Third Party Advisory

CVEs referencing this url
https://updates.mailmate-app.com/2.0/release_notes

Release Notes;Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-12619

Products affected by CVE-2020-12619

Exploit prediction scoring system (EPSS) score for CVE-2020-12619

CVSS scores for CVE-2020-12619

References for CVE-2020-12619