Critical Flaws in SEPPMail Email Gateway Open Path to Remote Code Execution

Seven security holes in SEPPMail's email gateway, including a critical path traversal and eval injection, could let attackers read all mail traffic and gain a foothold in internal networks.

CSBadmin

Impact and Scope

Security researchers have uncovered multiple critical vulnerabilities in the SEPPMail Secure Email Gateway, an enterprise-grade email security appliance. The flaws could allow an unauthenticated attacker to execute arbitrary code remotely and read any email passing through the virtual appliance. One of the most severe issues is a path traversal in the large file transfer feature, which can be exploited to write files anywhere on the system and achieve full remote code execution.

Vulnerabilities Discovered

The research team identified seven distinct vulnerabilities. These include missing authorization checks in the new GINA user interface, enabling unauthenticated access to privileged endpoints, and a deserialization flaw that permits code execution through a crafted serialized object. An eval injection vulnerability was also found in the template feature, where user-supplied input is passed directly into a Perl eval function without sanitization. An unauthenticated path traversal in the attachment preview endpoint allows reading of arbitrary local files on the appliance.
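
The eval injection pattern described above, as an added illustration that is not SEPPMail code and not part of the original article: a hypothetical Perl template renderer that compiles template text with string eval, beside a version that treats the template purely as data. The function names, the {{name}} placeholder syntax and the sample template are assumptions constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical renderers constructed for illustration; not SEPPMail code.

# Unsafe pattern: the template text is compiled as a Perl double-quoted
# string, so any expression Perl can interpolate is executed.
sub render_unsafe {
    my ($template) = @_;
    my $out = eval "qq{$template}";    # template text reaches string eval
    return defined $out ? $out : '';
}

# Hardened pattern: only {{name}} placeholders are recognised, and only
# names on a fixed allow-list are substituted. The template is never compiled.
my %ALLOWED = map { $_ => 1 } qw(recipient subject sender);

sub lookup {
    my ($name, $vars) = @_;
    return '' unless $ALLOWED{$name} && defined $vars->{$name};
    return $vars->{$name};
}

sub render_safe {
    my ($template, $vars) = @_;
    # /e runs the fixed lookup() call written here in the source;
    # the captured placeholder name is passed as data, not evaluated.
    $template =~ s/\{\{(\w+)\}\}/lookup($1, $vars)/ge;
    return $template;
}

# Constructed sample input: one legitimate placeholder and one harmless
# arithmetic expression standing in for attacker-supplied code.
my $vars     = { recipient => 'alice@example.test', subject => 'Q3 report' };
my $template = 'To {{recipient}}: @{[ 6 * 7 ]}';

# The unsafe renderer evaluates the arithmetic expression.
print 'unsafe: ', render_unsafe($template), "\n";

# The safe renderer fills the placeholder and leaves the expression as text.
print 'safe:   ', render_safe($template, $vars), "\n";
```

When reviewing Perl code for this class of bug, the places to look are string-form eval, the /ee regex modifier, and any template engine configured to allow embedded Perl on input that users can influence.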

Mitigation and Recommendations

Another serious flaw leaks sensitive server environment variables through an unauthenticated endpoint. Together, these vulnerabilities could serve as an entry point into internal networks. Organizations using SEPPMail should apply the vendor-supplied patches immediately and restrict access to administrative interfaces. The findings highlight ongoing risks in email security gateways, which remain prime targets for attackers seeking to intercept communications or pivot deeper into corporate networks.

Source: The Hacker News
