CVE-2020-12713 : An issue was discovered in CipherMail Community Gateway and Professional/Enterpr

An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account.

Published 2020-06-11 02:15:10

Updated 2020-06-22 18:09:03

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-12713

Ciphermail » Gateway
Versions from including (>=) 1.0.1 and up to, including, (<=) 4.7.1-0
cpe:2.3:a:ciphermail:gateway:*:*:*:*:*:*:*:*
Matching versions
Ciphermail » Webmail Messenger
Versions from including (>=) 1.1.1 and up to, including, (<=) 3.1.1-0
cpe:2.3:a:ciphermail:webmail_messenger:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-12713

EPSS FAQ

3.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-12713

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-12713

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-12713

https://www.ciphermail.com/news.html

Email Encryption - News about CipherMail - CipherMail
Release Notes;Vendor Advisory

CVEs referencing this url
https://www.ciphermail.com/blog/ciphermail-cve-2020-12713_2020-12714.html

Email Encryption - CipherMail CVE-2020-12713 & CVE-2020-12714 - CipherMail
Patch;Vendor Advisory

CVEs referencing this url
https://www.ciphermail.com/secure-webmail.html

Email Encryption - CipherMail Webmail Messenger - CipherMail
Product;Vendor Advisory

CVEs referencing this url
https://www.ciphermail.com/gateway.html

Email Encryption - CipherMail Email Encryption and Digital Signing Server - CipherMail
Product;Vendor Advisory

CVEs referencing this url
https://www.coresecurity.com/core-labs/advisories/ciphermail-multiple-vulnerabilities

CipherMail Multiple Vulnerabilities | CoreLabs Advisories
Exploit;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/158001/CipherMail-Community-Virtual-Appliance-4.6.2-Code-Execution.html

CipherMail Community Virtual Appliance 4.6.2 Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2020-12713

Products affected by CVE-2020-12713

Exploit prediction scoring system (EPSS) score for CVE-2020-12713

CVSS scores for CVE-2020-12713

CWE ids for CVE-2020-12713

References for CVE-2020-12713