Description
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- SmarterTools / SmarterMail0 – 100.0.9511
Exploits & proofs of concept
- nucleiSmarterMail - Remote Code Executionby jyoti369
References
- MISChttps://www.smartertools.com/smartermail/release-notes/current
- MISChttps://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail
- VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api