CVE-2024-55560

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

08/12/2024

Last modified:

09/12/2024

Description

MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

9.80

Severity 3.x

CRITICAL

References to Advisories, Solutions, and Tools

https://github.com/MailCleaner/MailCleaner/commit/28d913eaa044b689eb114f72ebe92d48cb4aaca7
https://github.com/MailCleaner/MailCleaner/wiki/Watchdogs#host_keys
https://www.mailcleaner.net/infobox/mc-info-box.php