InterScan Messaging Security exposes critical bugs that could allow attackers to gain remote control

Several vulnerabilities related to the management console have been identified in the InterScan Messaging Security series.

08:49 GMT, Friday, November 27, 2020

A cross-site request forgery vulnerability has been identified in the management console.

An attacker can exploit this vulnerability to illegally change policy rules (email filtering rules).

The attack works by preparing a disguised site or similar and inducing an administrator who is logged in to the management console to send the management console a malicious request that exploits the vulnerability.

The flaw could also be exploited more easily if an attacker had obtained an administrator account login password or stolen an administrator account login session.

Vulnerability details

1. CVE-2020-27016

A cross-site request forgery vulnerability has been identified in the management console.
An attacker can use this vulnerability to illegally change policy rules (email filtering rules).
The attack works by preparing a disguised site or similar and inducing an administrator who is logged in to the management console to send the management console a malicious request that exploits the vulnerability.
The vulnerability could also be exploited more easily if an attacker had obtained an administrator account login password or stolen an administrator account login session.
The affected products are:

| Product | Affected | Remarks |
|---|---|---|
| IMSVA 9.1 | Yes | |
| InterScan MSS 9.1 for Linux | Yes | |
| InterScan MSS 7.5 for Windows | No | The module containing this vulnerability is not used. |
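
A detection sketch for the cross-site request forgery pattern described above, added here as an example and not taken from the vendor advisory: it flags state-changing requests to the console whose Referer points at a different site. The log format (combined format with a Referer field), the host name, the paths and the sample lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions: combined-format access log with a Referer field; the host
# name, paths and log lines below are constructed for illustration.
CONSOLE_HOST = "imsva-console.example.internal"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def referer_host(referer):
    """Return the lower-cased host of a Referer value, or None if absent."""
    if referer in ("", "-"):
        return None
    return (urlsplit(referer).hostname or "").lower() or None

def find_cross_site_writes(lines, console_host=CONSOLE_HOST):
    """Return (timestamp, client, path, referer) for state-changing requests
    whose Referer names a host other than the console."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in STATE_CHANGING:
            continue
        host = referer_host(m["referer"])
        # A missing Referer proves nothing (browsers and proxies may strip
        # it), so only a foreign Referer is reported.
        if host is not None and host != console_host.lower():
            hits.append((m["ts"], m["ip"], m["path"], m["referer"]))
    return hits

SAMPLE_LOG = [  # constructed lines, not real console traffic
    '10.0.0.5 - - [27/Nov/2020:08:10:01 +0000] "GET /console/policy HTTP/1.1" 200 5120 "https://imsva-console.example.internal/console/home" "Mozilla/5.0"',
    '10.0.0.5 - - [27/Nov/2020:08:11:30 +0000] "POST /console/policy/save HTTP/1.1" 200 312 "https://imsva-console.example.internal/console/policy" "Mozilla/5.0"',
    '10.0.0.5 - - [27/Nov/2020:08:15:42 +0000] "POST /console/policy/save HTTP/1.1" 200 312 "https://news.example.net/article.html" "Mozilla/5.0"',
    '10.0.0.5 - - [27/Nov/2020:08:16:05 +0000] "POST /console/policy/save HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_cross_site_writes(SAMPLE_LOG):
        print("cross-site write:", *hit)
```

A hit is a lead for review, not proof of compromise: compare its timestamp against the policy rule change history for the same administrator session.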

2. CVE-2020-27017

An XML external entity (XXE) processing vulnerability has been identified in the management console.
An attacker could use this vulnerability to view a local file of IMSVA via a specific POST method.
However, to use this vulnerability, the attacker must first obtain the login password for the administrator account or steal the login session for the administrator account.
The affected products are:

| Product | Affected | Remarks |
|---|---|---|
| IMSVA 9.1 | Yes | |
| InterScan MSS 9.1 for Linux | Yes | |
| InterScan MSS 7.5 for Windows | No | The module containing this vulnerability is not used. |

3. CVE-2020-27018

A server-side request forgery vulnerability has been identified in the management console.
By using this vulnerability, an attacker can access other internal servers via IMSVA through a specific POST method.
However, to use this vulnerability, the attacker must first obtain the login password for the administrator account or steal the login session for the administrator account.
The affected products are:

| Product | Affected | Remarks |
|---|---|---|
| IMSVA 9.1 | Yes | |
| InterScan MSS 9.1 for Linux | No | Requests corresponding to this vulnerability are not permitted. |
| InterScan MSS 7.5 for Windows | No | The module containing this vulnerability is not used. |

4. CVE-2020-27019

A vulnerability allows access to the internal files of a specific module used in the management console without logging in to the management console.
The affected products are:

| Product | Affected | Remarks |
|---|---|---|
| IMSVA 9.1 | Yes | |
| InterScan MSS 9.1 for Linux | Yes | |
| InterScan MSS 7.5 for Windows | No | The module containing this vulnerability is not used. |

5. CVE-2020-27693

For accounts that can be created under [Administration] > [Administrator Account] in the management console, the hash algorithm used to store the account's password information is outdated.
If the password hash information is leaked, there is a high risk that the passwords will be recovered from it.
The affected products are:

| Product | Affected | Remarks |
|---|---|---|
| IMSVA 9.1 | Yes | |
| InterScan MSS 9.1 for Linux | Yes | |
| InterScan MSS 7.5 for Windows | Yes | |

6. CVE-2020-27694

Certain third-party modules used in the management console and the End User Mail Isolation Console are out of date.
An attacker may be able to take advantage of past vulnerabilities in those third-party modules.
The affected products are:

| Product | Affected | Remarks |
|---|---|---|
| IMSVA 9.1 | Yes | |
| InterScan MSS 9.1 for Linux | Yes | |
| InterScan MSS 7.5 for Windows | Yes | |
