Exposed IOCTL with Insufficient Access Control

CVE-2024-32370

High

9.8/10

Summary

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-782 - Exposed IOCTL with Insufficient Access Control

The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

References

Advisory Timeline

Published May 07, 2024

Exposed IOCTL with Insufficient Access Control

CVE-2024-32370

Summary

CWE-782 - Exposed IOCTL with Insufficient Access Control

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS