Cyber Resilience

CVE-2024-41958

Severity: Medium
Published: 05 August 2024
Modified: 20 September 2024
KEV Added: not listed
Patch: fixed in the 2024-07 release (see below)
CVSS Score v3.1: 6.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N)
EPSS Score: 0.3031 (96.8th percentile)
Risk Priority: 31 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-41958 is a medium-severity Incorrect Comparison (CWE-697) vulnerability in mailcow (mailcow: dockerized). Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 3.2% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

mailcow: dockerized, an open source groupware and email suite based on Docker, contains a flaw in its two-factor authentication mechanism. The vulnerability allows an authenticated attacker to bypass 2FA checks and obtain access to other accounts that are otherwise protected by 2FA.

Exploitation requires the attacker to already hold valid credentials for both an account under their control and a target account that has 2FA enabled. With those credentials the attacker can circumvent the 2FA process and reach the protected account. The issue is rated 6.6 under CVSS 3.1.

The flaw was corrected in the 2024-07 release. Administrators are advised to upgrade, as the project states that no workarounds exist. Further information is provided in the GitHub security advisory GHSA-4fcc-q245-qqgg and the referenced commit. The EPSS score has remained flat at 0.3031 with no material increase after disclosure.

Vulnerability details

mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwise secured with 2FA. To exploit this vulnerability, the attacker must first have access to an account within the system and possess the credentials of the target account that has 2FA enabled. By leveraging these credentials, the attacker can circumvent the 2FA process and gain access to the protected account. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CWE(s)

CWE-697 Incorrect Comparison

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1556.006 Multi-Factor Authentication (Defense Impairment): Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts.

Why these techniques?

The 2FA bypass vulnerability enables an authenticated attacker possessing target credentials to circumvent multi-factor authentication (T1556.006) and gain unauthorized access to other accounts, facilitating exploitation for privilege escalation (T1068).

Affected Assets

mailcow
mailcow_dockerized

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
