Home > Vulnerability Database > CVE-2024-3196

Mend.io Vulnerability Database

CVE-2024-3196

Good to know:

Date: April 29, 2024

A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262312.

Language: PHP

Severity Score

6.7

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3196

Url: https://github.com/MailCleaner/MailCleaner/pull/601

Url: https://modzero.com/en/advisories/mz-24-01-mailcleaner/

Url: https://vuldb.com/?id.262312

Url: https://vuldb.com/?ctiid.262312

Url: https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf

Url: https://www.mend.io/vulnerability-database/CVE-2024-3196

Severity Score

6.7

Weakness Type (CWE)

OS Command Injections

CWE-78

Top Fix

Upgrade Version

Upgrade to version 72b56ecfc9b23fd3b714220812381f656cfb67ce

Learn More

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.5
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	MULTIPLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3196

Good to know:

Date: April 29, 2024

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?