#VU80409 Arbitrary file upload in A.K.I Software products - CVE-2023-39933


Vulnerability identifier: #VU80409

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-39933

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PMailServer Standard edition
Server applications / Other server solutions
PMailServer Pro edition
Server applications / Other server solutions
PMailServer Standard + IMAP4 edition
Server applications / Other server solutions
PMailServer Pro + IMAP4 edition
Server applications / Other server solutions
PMailServer2 Standard edition
Server applications / Other server solutions
PMailServer2 Pro edition
Server applications / Other server solutions
PMailServer2 Standard + IMAP4 edition
Server applications / Other server solutions
PMailServer2 Pro + IMAP4 edition
Server applications / Other server solutions
PMailServer2 Enterprise edition
Server applications / Other server solutions

Vendor: A.K.I Software

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in Broadcast Mail CGI (pmc.exe). A remote user can upload a malicious file and execute it on the server.

Note: The following CGIs included with the vulnerable products are affected by the vulnerability.

  • pmc.exe 2.5.1.720 and earlier
  • pmam.exe 2.5.1.1411 and earlier
  • pmmls.exe 2.5.1.561 and earlier
  • pmum.exe (Standard edition) 2.5.1.25451 and earlier
  • pmum.exe (Pro edition) 2.5.1.25452 and earlier
  • pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
  • pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
  • pmman.exe (Standard edition) 2.5.1.12154 and earlier
  • pmman.exe (Pro edition) 2.5.1.12155 and earlier
  • pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
  • pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
  • pmman.exe (Enterprise edition) 2.5.1.12158 and earlier

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PMailServer Standard edition: 1.91

PMailServer Pro edition: 1.91

PMailServer Standard + IMAP4 edition: 1.91

PMailServer Pro + IMAP4 edition: 1.91

PMailServer2 Standard edition: before 2.51a

PMailServer2 Pro edition: before 2.51a

PMailServer2 Standard + IMAP4 edition: before 2.51a

PMailServer2 Pro + IMAP4 edition: before 2.51a

PMailServer2 Enterprise edition: before 2.51a

External links
https://jvn.jp/en/jp/JVN92720882/index.html
https://akisoftware.com/Vulnerability202301.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in CGIs of PMailServer and PMailServer2