Critical Vulnerability Found in Symantec Messaging Gateway – Update Now!

CVECVE-2024-23614
CVSScvssV3_1: 10
SourceCVE-2024-23614

Symantec Messaging Gateway is email security software used by many organizations to filter emails and protect against threats. Researchers have discovered a serious buffer overflow vulnerability in versions 9.5 and below that can allow remote attackers to take complete control of systems running the affected software.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. This can overwrite adjacent memory and corrupt other important data like function pointers or even inject malicious code. In this case, a remote attacker could craft a specially crafted email that triggers the overflow and executes arbitrary code with root/admin privileges on the target server.

If exploited, this vulnerability could allow a hacker to do anything the root user can do like install malware, steal sensitive data, modify files and settings or use the compromised system to launch attacks on other internal systems. As the vulnerability can be exploited remotely without any authentication, even unprivileged users on the internet could potentially take control of exposed and vulnerable systems.

The CVSS score of 10 indicates this is a critical issue. Symantec has released updates to fix the problem, so it is highly recommended that all Symantec Messaging Gateway administrators immediately apply the latest patches to versions 9.5 and below. You should also check that remote access to the admin interface has been restricted and strong passwords are in use. Taking prompt action greatly reduces the risk of this vulnerability being exploited.

References