#VU80410 Path traversal in A.K.I Software products - CVE-2023-40160


Vulnerability identifier: #VU80410

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40160

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PMailServer Standard edition
Server applications / Other server solutions
PMailServer Pro edition
Server applications / Other server solutions
PMailServer Standard + IMAP4 edition
Server applications / Other server solutions
PMailServer Pro + IMAP4 edition
Server applications / Other server solutions
PMailServer2 Standard edition
Server applications / Other server solutions
PMailServer2 Pro edition
Server applications / Other server solutions
PMailServer2 Standard + IMAP4 edition
Server applications / Other server solutions
PMailServer2 Pro + IMAP4 edition
Server applications / Other server solutions
PMailServer2 Enterprise edition
Server applications / Other server solutions

Vendor: A.K.I Software

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Mailing List Search CGI (pmmls.exe). A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note: The following CGIs included with the vulnerable products are affected by the vulnerability.

  • pmc.exe 2.5.1.720 and earlier
  • pmam.exe 2.5.1.1411 and earlier
  • pmmls.exe 2.5.1.561 and earlier
  • pmum.exe (Standard edition) 2.5.1.25451 and earlier
  • pmum.exe (Pro edition) 2.5.1.25452 and earlier
  • pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
  • pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
  • pmman.exe (Standard edition) 2.5.1.12154 and earlier
  • pmman.exe (Pro edition) 2.5.1.12155 and earlier
  • pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
  • pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
  • pmman.exe (Enterprise edition) 2.5.1.12158 and earlier

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PMailServer Standard edition: 1.91

PMailServer Pro edition: 1.91

PMailServer Standard + IMAP4 edition: 1.91

PMailServer Pro + IMAP4 edition: 1.91

PMailServer2 Standard edition: before 2.51a

PMailServer2 Pro edition: before 2.51a

PMailServer2 Standard + IMAP4 edition: before 2.51a

PMailServer2 Pro + IMAP4 edition: before 2.51a

PMailServer2 Enterprise edition: before 2.51a

External links
https://jvn.jp/en/jp/JVN92720882/index.html
https://akisoftware.com/Vulnerability202301.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in CGIs of PMailServer and PMailServer2