New critical operating system command injection vulnerability in MailAudit

Operating system command injection vulnerabilities in Openfind Information Technology MailGates and Openfind Information Technology MailAudit

Monday, November 2, 2020, 12:13 GMT

MailGates and MailAudit are two products of Openfind Information Technology, a Taiwanese company. MailGates is a series of defense mechanisms for email encryption; the system provides functions such as email scanning and APT threat protection. MailAudit is the program used in corporate email security audits.

Injection flaws are present in MailGates and MailAudit. The bugs arise when executable operating system commands are constructed from external input data: special characters, instructions, etc. are not properly filtered by the network system or product. An attacker can use this weakness to execute unauthorized operating system commands. After acquiring a user's access token, the attacker can inject and execute system commands through the CGI parameters.
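The flaw class described above, shown as an added example that is not Openfind's code: a command line built by concatenating a request parameter, next to a handler that allow-lists the value and passes it as a single argv element with no shell involved. The `msgid` parameter, the `report_tool` name and the child Python process standing in for the helper are assumptions made for illustration.

```python
import re
import shlex
import subprocess
import sys

# Hypothetical names: the "msgid" parameter and "report_tool" are placeholders.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Stand-in helper: a child Python process that prints its first argument.
HELPER = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


def build_shell_string(msg_id):
    """Flawed pattern: external input concatenated into a shell command line."""
    return "report_tool --id " + msg_id


def shell_operators(cmdline):
    """List the control operators a POSIX shell would parse out of cmdline."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def to_argv(msg_id):
    """Argument vector: the value is one argv element, never parsed by a shell."""
    return HELPER + [msg_id]


def run_helper(argv):
    """Run without a shell (shell=False is the default) and return stdout."""
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()


def handle_request(params):
    """Hardened handler: allow-list the parameter, then pass it via argv."""
    msg_id = params.get("msgid", "")
    if not SAFE_ID.fullmatch(msg_id):
        raise ValueError("rejected msgid parameter")
    return run_helper(to_argv(msg_id))


if __name__ == "__main__":
    hostile = "42; echo INJECTED"  # constructed sample input
    print(shell_operators(build_shell_string(hostile)))  # operator reaches shell
    print(run_helper(to_argv(hostile)))  # same bytes stay literal data
    print(handle_request({"msgid": "MSG-42"}))
```

The allow-list and the argv call are independent layers: either one alone keeps the separator from being interpreted, and the handler applies both.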


The manufacturer has released upgrade patches to fix the vulnerabilities.