CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35658
https://notcve.org/view.php?id=CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. SpamTitan anterior a la versión 7.09 permite a los atacantes manipular las copias de seguridad, porque las copias de seguridad no están encriptadas. • https://docs.titanhq.com/en/13161-spamtitan-release-notes.html https://secator.pl/index.php/2020/12/23/cve-2020-35658 • CWE-312: Cleartext Storage of Sensitive Information CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24046
https://notcve.org/view.php?id=CVE-2020-24046
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. • https://github.com/felmoltor https://sensepost.com/blog/2020/clash-of-the-spamtitan https://twitter.com/felmoltor https://www.titanhq.com • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2020-24045
https://notcve.org/view.php?id=CVE-2020-24045
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). • https://github.com/felmoltor https://sensepost.com/blog/2020/clash-of-the-spamtitan https://twitter.com/felmoltor https://www.titanhq.com • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2020-11700 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11700
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. Se detectó un problema en Titan SpamTitan versión 7.07. Un saneamiento inapropiado del parámetro fname, utilizado en la página certs-x.php, permitiría a un atacante recuperar el contenido de archivos arbitrarios. • https://www.exploit-db.com/exploits/48817 http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html https://github.com/felmoltor https://sensepost.com/blog/2020/clash-of-the-spamtitan https://twitter.com/felmoltor https://www.spamtitan.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 17%CPEs: 1EXPL: 3CVE-2020-11699 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11699
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. Se detectó un problema en Titan SpamTitan versión 7.07. Una comprobación inapropiada del parámetro fname en la página certs-x.php permitiría a un atacante ejecutar código remoto en el servidor de destino. • https://www.exploit-db.com/exploits/48817 http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html https://github.com/felmoltor https://sensepost.com/blog/2020/clash-of-the-spamtitan https://twitter.com/felmoltor https://www.spamtitan.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •