Overview
Softnext has released an update to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-5670
- SN OS 12.1 versions: ~ 230921 (inclusive)
- SN OS 12.3 versions: ~ 230921 (inclusive)
- SN OS 10.3 versions: ~ 230630 (inclusive)
Resolved Vulnerabilities
The web service in the Softnext products Mail SQR Expert and Mail Archiving Expert did not properly validate user input, which could allow an unauthenticated remote attacker to inject arbitrary OS commands and execute them on the remote server (CVE-2024-5670).
Vulnerability Patches
Patches for the vulnerability were made available in the latest update on 07/29/2024. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-5670
- SN OS 12.1 version: 230922 or later
- SN OS 12.3 version: 230922 or later
- SN OS 10.3 version: 230631 or later
Referenced Sites
[1] CVE-2024-5670 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-5670
[2] Softnext Mail SQR Expert and Mail Archiving Expert – OS Command Injection
https://www.twcert.org.tw/en/cp-139-7959-09d0e-2.html
Article Link: Softnext Product Security Update Advisory (CVE-2024-5670) – ASEC