CVE-2024-9043 (CVSS 9.8): Cellopoint Secure Email Gateway Flaw Puts Sensitive Data at Risk - #CVE-2024-9043
A critical vulnerability, CVE-2024-9043, with a CVSS score of 9.8, has been discovered in Cellopoint's Secure Email Gateway (SEG), affecting versions 4.2.1 to 4.5.0. This buffer overflow flaw allows remote attackers to send specially crafted packets to crash the SEG authentication process and gain system administrator privileges. The potential consequences include unauthorized access to sensitive emails, installation of malware, exfiltration of data, and disabling of security mechanisms. Cellopoint has released a patch, Build\_20240712 or later, to mitigate this issue, and administrators are strongly encouraged to apply it immediately to avoid exploitation. The vulnerability highlights the critical need for timely security updates in enterprise environments to prevent severe breaches and data loss.