CipherMail security advisory

Martijn Brinkers

Multiple issues were discovered in CipherMail Community Gateway and Professional/Enterprise Gateway versions 1.0.1 through 4.7.1, and Webmail Messenger 1.1.1 through 3.1.1. These vulnerabilities have been fixed in CipherMail Community Gateway and Professional/Enterprise Gateway 4.8.0 and Webmail Messenger 3.2.0. You may or may not be affected by these issues depending on your use of the CipherMail software. We recommend that you update your CipherMail installations, or apply the minimal patches provided through the website and support portal.

CVE-2020-12713: Incorrect Access Control

Core Security discovered that it is possible to escalate privileges from the web interface, when authenticated as an administrative user with the 'ROLE_ADMIN' role. The affected components are the Postfix main.cf configuration editor (allowing escalation to the local root account) and the backup restore functionality (allowing escalation to the local djigzo account).

CipherMail Gateway 4.8.0 and Webmail Messenger 3.2.0 fix this vulnerability by validating the main.cf input and asking for the 'sa' system password before restoring a backup. The minimal patch also adds validation of the main.cf input, but completely disables the backup restore functionality in the web interface. Restoring from the command line is still possible.
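The fix described above validates what an administrator may submit through the main.cf editor. As an added illustration of that principle (not CipherMail's own code, whose validation rules are not published in this advisory), the following Python validator accepts only a fixed allowlist of Postfix keys, rejects continuation lines, and refuses control characters in values. The allowlist contents and the function names are assumptions made for the example.

```python
import re

# Hypothetical allowlist of main.cf keys an administrator may change through
# a web editor. Constructed for illustration only; the real CipherMail
# allowlist is not part of this advisory.
ALLOWED_KEYS = {
    "myhostname",
    "mydomain",
    "mynetworks",
    "relayhost",
    "message_size_limit",
    "smtpd_tls_dh1024_param_file",
}

# Postfix main.cf directives are "key = value" with the key in column 1.
KEY_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def validate_main_cf(text):
    """Validate submitted main.cf text against the allowlist.

    Returns (ok, errors). Every offending line is reported so the
    administrator sees all problems at once rather than one per submission.
    """
    errors = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank line
        if line[0].isspace():
            # In Postfix a line starting with whitespace continues the previous
            # directive; rejecting it keeps every value on one auditable line.
            errors.append(f"line {lineno}: continuation lines are not accepted")
            continue
        if line.startswith("#"):
            continue  # comment line
        m = KEY_RE.match(line)
        if not m:
            errors.append(f"line {lineno}: not a 'key = value' directive")
            continue
        key, value = m.groups()
        if key not in ALLOWED_KEYS:
            errors.append(f"line {lineno}: key '{key}' is not editable here")
        if any(ord(c) < 0x20 and c != "\t" for c in value):
            errors.append(f"line {lineno}: control characters in value")
    return (not errors, errors)


if __name__ == "__main__":
    # Constructed sample submission: one permitted key, one that is not.
    sample = "myhostname = mail.example.test\ninet_interfaces = all\n"
    ok, errs = validate_main_cf(sample)
    print("accepted" if ok else "rejected")
    for e in errs:
        print("  " + e)
```

The allowlist approach is deliberately conservative: anything not explicitly permitted is refused, so new or unusual Postfix directives do not become reachable from the web interface by default.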

CVE-2020-12714: Inadequate Encryption Strength

We discovered that the default Postfix configuration of CipherMail virtual appliances contains a weak Diffie-Hellman parameter. This could compromise communications between SMTP clients and CipherMail products. The vulnerability only matters if you rely on TLS for the security of inter-mail-server SMTP traffic (for example, with DANE and STARTTLS).

CipherMail Gateway 4.8.0 and Webmail Messenger 3.2.0 fix this vulnerability by configuring Postfix to use a stronger Diffie-Hellman parameter. The minimal patch does exactly the same.

More information

Customers with a support contract can contact our support desk at [email protected]. We can help you figure out whether you are affected by these vulnerabilities and can assist you with updating or patching your installations.

Some background information on these vulnerabilities and patch instructions can be found on our blog: CVE-2020-12713 & CVE-2020-12714