Vulnerability identifier: #VU7478
Vulnerability risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-8114
CWE-ID: CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Roundcube (Web applications / Webmail solutions)
Vendor: Roundcube
Description
The vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists due to improper restriction of the exec call in the virtualmin and sasl drivers of the password plugin. A remote attacker can arbitrarily reset passwords, bypass security restrictions and gain elevated privileges on the system.
Successful exploitation of the vulnerability results in privilege escalation.
Mitigation
Update to version 1.0.11, 1.1.9 or 1.2.5.
Vulnerable software versions
Roundcube: 0.1 - 0.1.1, 0.2 - 0.2.2, 0.3 - 0.3.1, 0.4 - 0.4.2, 0.5 - 0.5.4, 0.6, 0.7 - 0.7.3, 0.8.0 - 0.8.6, 1.0.10, 1.1.6 - 1.1.8, 1.2.0 - 1.2.4
External links
https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.