Core Security releases security advisory on Kaspersky Labs’ Secure Mail Gateway[scmagazine]

by CIRT Team

Core Security issued an advisory for multiple vulnerabilities it found in Kaspersky Labs’ Secure Mail Gateway that if left unpatched could lead to administrative account takeover.

Core Security researchers found that the Kaspersky Secure Mail Gateway, which is a virtual appliance deployed inside an organization’s network infrastructure that comes bundled with a Web Management Console that monitor the apps operation. However, the console “provides no cross-site request forgery protection site-wide, which could result in administrative account takeover.”

“Multiple vulnerabilities were found in the Kaspersky Mail Gateway Web Management Console. It is possible for a remote attacker to abuse these vulnerabilities and gain command execution as root,” Core Security wrote.

Core Security first came across the issues in September 2017 and notified Kaspersky. After months of going back and forth Core settled on posting the advisory on February 1 and included a link to the update.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping