Softnext Product Security Update Advisory (CVE-2024-5670)

Overview

Softnext has released an update to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.

 

Affected Products

CVE-2024-5670

  • SN OS 12.1: versions up to and including 230921
  • SN OS 12.3: versions up to and including 230921
  • SN OS 10.3: versions up to and including 230630

Resolved Vulnerabilities

The web service in the Softnext products Mail SQR Expert and Mail Archiving Expert did not properly validate user input, which could allow an unauthenticated remote attacker to inject arbitrary OS commands and execute them on a remote server (CVE-2024-5670).

Vulnerability Patches

Patches for the vulnerability were made available in the latest update on 07/29/2024. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-5670

  • SN OS 12.1 version: 230922 or later
  • SN OS 12.3 version: 230922 or later
  • SN OS 10.3 version: 230631 or later

Referenced Sites

[1] CVE-2024-5670 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-5670

[2] Softnext Mail SQR Expert and Mail Archiving Expert – OS Command Injection

https://www.twcert.org.tw/en/cp-139-7959-09d0e-2.html

Article Link: Softnext Product Security Update Advisory (CVE-2024-5670) – ASEC