Summary
SEPPMail Secure E-Mail Gateway is affected by multiple critical vulnerabilities, including a CVSS 10.0 path traversal flaw, that allow unauthenticated remote code execution and full access to mail traffic.
Take Action:
Update your SEPPMail appliance to version 15.0.4 immediately. Attackers can exploit the Large File Transfer (LFT) feature to execute malicious code and completely take over the appliance without needing prior authentication. If immediate patching is not possible, disable the Large File Transfer (LFT) and GINA v2.x features to minimize your attack surface and block the primary exploit paths. Because SEPPMail is a virtual appliance, your internal security tools likely will not detect an attacker operating directly on the gateway. Proactive patching is your only defense.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)