CVE-2017-7414
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.
En Horde_Crypt en versiones anteriores a 2.7.6, como se utiliza en Horde Groupware Webmail Edition 5.x hasta la versión 5.2.17, OS puede ocurrir si el usuario tiene activadas las características de PGP en las preferencias del usuario y ha activado la preferencia "¿Deberían verificarse automáticamente los mensajes firmados de PGP cuando se visualizan?". Para aprovechar esta vulnerabilidad, un atacante puede enviar un correo electrónico firmado por PGP (que se ha creado de manera malintencionada) al usuario de la Horda, que debe verlo o visualizarlo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-03 CVE Reserved
- 2017-04-04 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/06/msg00006.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.horde.org/archives/horde/Week-of-Mon-20170403/056767.html | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.0.0 Search vendor "Horde" for product "Groupware" and version "5.0.0" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.0.0 Search vendor "Horde" for product "Groupware" and version "5.0.0" | rc1, webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.0.1 Search vendor "Horde" for product "Groupware" and version "5.0.1" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.0.2 Search vendor "Horde" for product "Groupware" and version "5.0.2" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.0.3 Search vendor "Horde" for product "Groupware" and version "5.0.3" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.0.4 Search vendor "Horde" for product "Groupware" and version "5.0.4" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.0.5 Search vendor "Horde" for product "Groupware" and version "5.0.5" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.1.0 Search vendor "Horde" for product "Groupware" and version "5.1.0" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.1.0 Search vendor "Horde" for product "Groupware" and version "5.1.0" | rc1, webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.1.1 Search vendor "Horde" for product "Groupware" and version "5.1.1" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.1.2 Search vendor "Horde" for product "Groupware" and version "5.1.2" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.1.3 Search vendor "Horde" for product "Groupware" and version "5.1.3" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.1.4 Search vendor "Horde" for product "Groupware" and version "5.1.4" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.1.5 Search vendor "Horde" for product "Groupware" and version "5.1.5" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.0 Search vendor "Horde" for product "Groupware" and version "5.2.0" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.0 Search vendor "Horde" for product "Groupware" and version "5.2.0" | rc1, webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.1 Search vendor "Horde" for product "Groupware" and version "5.2.1" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.2 Search vendor "Horde" for product "Groupware" and version "5.2.2" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.3 Search vendor "Horde" for product "Groupware" and version "5.2.3" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.4 Search vendor "Horde" for product "Groupware" and version "5.2.4" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.5 Search vendor "Horde" for product "Groupware" and version "5.2.5" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.6 Search vendor "Horde" for product "Groupware" and version "5.2.6" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | 5.2.7 Search vendor "Horde" for product "Groupware" and version "5.2.7" | webmail |
Affected
| ||||||