An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gateway | Ciphermail | 1.0.1 (including) | 4.7.1-0 (including) |
Webmail_messenger | Ciphermail | 1.1.1 (including) | 3.1.1-0 (including) |