CVE-2021-27181

Published: 14/04/2021 Updated: 21/04/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in MDaemon prior to 20.0.4. Remote Administration allows a malicious user to perform a fixation of the anti-CSRF token. To exploit this issue, the victim has to click on a malicious URL provided by the attacker and then successfully authenticate to the application. Knowing the value of the anti-CSRF token, the attacker can trick the victim into visiting a malicious page and performing any request with the privileges of the attacked user.

Github Repositories

MDaemon Advisories - CVE-2021-27180, CVE-2021-27181, CVE-2021-27182, CVE-2021-27183

MDaemon-Advisories. MDaemon Advisories: CVE-2021-27180 (Reflected XSS), CVE-2021-27181 (CSRF Token Fixation), CVE-2021-27182 (Iframe injection), CVE-2021-27183 (Remote Code Execution). Those vulnerabilities were already patched in January 2021 and are published for CVE purposes. They can be chained to achieve RCE/Account Takeover over an email message (user interaction requir