Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities

Kaspersky Secure Mail Gateway is prone to the following multiple security vulnerabilities:

1. A cross-site request-forgery vulnerability
2. An arbitrary command-execution vulnerability.
3. A local privilege-escalation vulnerability
4. A cross-site scripting vulnerability
Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain sensitive information, execute command with root privileges, and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.

Secure Mail Gateway is vulnerable; other versions may also be affected.


Bugtraq ID: 102910
Class: Input Validation Error
Remote: Yes
Local: Yes
Published: Feb 01 2018 12:00AM
Updated: Feb 01 2018 12:00AM
Credit: Leandro Barragan from Core Security Consulting Services
Vulnerable: Kaspersky Secure Mail Gateway

Not Vulnerable: Kaspersky Secure Mail Gateway 1.1 MR1


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts