CVE-2024-55560

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 8, 2024
Updated: Dec 9, 2024

Summary

CVE-2024-55560 is a vulnerability affecting MailCleaner before version 28d913e. The issue lies in the default values of ssh host keys (ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key) that are not properly configured and persist after installation. An attacker can exploit this vulnerability by gaining unauthorized access to the MailCleaner server using the default keys. System administrators are advised to update to the latest version of MailCleaner and change the default SSH keys to secure their servers.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share