Critical Vulnerabilities in SEPPMail Secure E-Mail Gateway Allow Remote Takeover
-
Critical Vulnerabilities in SEPPMail Secure E-Mail Gateway Allow Remote Takeover
SEPPMail Secure E-Mail Gateway is affected by multiple critical vulnerabilities, including a CVSS 10.0 path traversal flaw, that allow unauthenticated remote code execution and full access to mail traffic.
**Update your SEPPMail appliance to version 15.0.4 immediately. Attackers can exploit the Large File Transfer (LFT) feature to execute malicious code and completely take over the appliance without needing prior authentication. If immediate patching is not possible, disable the Large File Transfer (LFT) and GINA v2.x features to minimize your attack surface and block the primary exploit paths. Because SEPPMail is a virtual appliance, your internal security tools likely will not detect an attacker operating directly on the gateway. Proactive patching is your only defense.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-in-seppmail-secure-e-mail-gateway-allow-remote-takeover-3-r-0-5-1/gD2P6Ple2L -
R relay@relay.infosec.exchange shared this topic
