CVE-2024-9043

CRITICAL

Cellopoint Secure Email Gateway < 4.5.0 - Out-of-Bounds Write

Title source: rule

Description

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privileges.

Exploits (1)

inthewild

poc

https://github.com/maybeheisenberg/cve-2024-9043

View on inthewild

References (2)

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-8102-b94a9-1.html

Scores

CVSS v3 9.8

EPSS 0.0006

EPSS Percentile 18.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

cellopoint/secure_email_gateway 4.2.1 - 4.5.0

Published Sep 20, 2024

Tracked Since Feb 18, 2026