CVE-2017-7414

Published Apr 4, 2017

Last updated 5 years ago

Overview

Description: In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 5.9
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.0.0:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74C2C13C-0014-4E45-B459-50B7005C828D"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.0.0:rc1:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C63CC65-6B19-4B8D-A4DC-3B0C3055E8A7"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.0.1:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A09D1D89-A623-442E-9261-F58031BB517D"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.0.2:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C36F237-9CBF-4E9E-A1DF-ABCB0187E725"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.0.3:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9103D5DE-E24A-476F-AEE9-68E3736E1C7E"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.0.4:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F5106E5-050E-443C-9A67-0210AA01FE35"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.0.5:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ABE42CD-F4E3-4255-985D-6AC712231134"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.1.0:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "693E0F58-A378-4A85-94B1-66709A557623"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.1.0:rc1:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB8CD370-1B28-4E95-A357-C0476458A0F3"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.1.1:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3203790-5230-4F8F-AE5E-F2D48B0B1767"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.1.2:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36EBEA90-C1D6-4AFE-B04D-F085986F8B92"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.1.3:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E2F5341-D61A-4FDB-99DE-4B65B6F333C6"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.1.4:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ADEB382-91FB-4664-9569-BFBBFD0577D6"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.1.5:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A74B6B18-FFD3-4B38-B828-84178B0BEA4D"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.0:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D8D3E4C-4AE6-4168-9865-8D3D19746B45"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.0:rc1:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "427CB5A7-2344-4BF2-A741-1E0A6A4972AD"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.1:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6A8F086-D6B2-4CFB-8493-C40707E8E04D"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.2:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C08B8F45-34B5-46C7-B333-20413E8B4AA8"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.3:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D963CE7-E4DD-4FFE-83A0-39D465B9B59C"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.4:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D12CBE60-F694-44C2-91E5-4676D7F80168"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.5:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "601DED27-8DD8-4B8E-89A9-1A883594D237"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.6:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E47C6EF6-5006-40D6-BEFD-AEAE61200711"
          },
          {
            "criteria": "cpe:2.3:a:horde:groupware:5.2.7:*:*:*:webmail:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6670DC6-A5F2-4C70-A13F-012125B71012"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References