Sign-up

ID

VAR-201710-0925


CVE

CVE-2017-12638


TITLE

Ipswitch IMail Server Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-008529 // CNNVD: CNNVD-201710-444

DESCRIPTION

Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. Ipswitch IMail Server Contains a buffer error vulnerability. This vulnerability is also known as “ ETBL Or ETCETERABLUE Is called.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. A remote attacker could exploit this vulnerability to execute arbitrary code

Trust: 1.71

sources: NVD: CVE-2017-12638 // JVNDB: JVNDB-2017-008529 // VULHUB: VHN-103180

AFFECTED PRODUCTS

vendor:ipswitchmodel:imail serverscope:lteversion:12.5.5

Trust: 1.8

vendor:ipswitchmodel:imail serverscope:eqversion:12.5.5

Trust: 0.6

sources: JVNDB: JVNDB-2017-008529 // CNNVD: CNNVD-201710-444 // NVD: CVE-2017-12638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12638
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12638
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201710-444
value: HIGH

Trust: 0.6

VULHUB: VHN-103180
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12638
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-103180
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12638
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-103180 // JVNDB: JVNDB-2017-008529 // CNNVD: CNNVD-201710-444 // NVD: CVE-2017-12638

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-103180 // JVNDB: JVNDB-2017-008529 // NVD: CVE-2017-12638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-444

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201710-444

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008529

PATCH
title:Release Notes for IMail Server v12.5.6url:https://docs.ipswitch.com/_Messaging/IMailServer/v12.5.6/ReleaseNotes/index.htm#link8
Trust: 0.8
title:Ipswitch IMail Server Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75526
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-008529 // 
            
            
            
            CNNVD: CNNVD-201710-444

EXTERNAL IDS
db:NVDid:CVE-2017-12638
Trust: 2.5
db:JVNDBid:JVNDB-2017-008529
Trust: 0.8
db:CNNVDid:CNNVD-201710-444
Trust: 0.7
db:VULHUBid:VHN-103180
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103180 // 
            
            
            
            JVNDB: JVNDB-2017-008529 // 
            
            
            
            CNNVD: CNNVD-201710-444 // 
            
            
            
            NVD: CVE-2017-12638

REFERENCES
url:https://docs.ipswitch.com/_messaging/imailserver/v12.5.6/releasenotes/index.htm#link8
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12638
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12638
Trust: 0.8
sources:
            
            
            VULHUB: VHN-103180 // 
            
            
            
            JVNDB: JVNDB-2017-008529 // 
            
            
            
            CNNVD: CNNVD-201710-444 // 
            
            
            
            NVD: CVE-2017-12638

SOURCES
db:VULHUBid:VHN-103180
db:JVNDBid:JVNDB-2017-008529
db:CNNVDid:CNNVD-201710-444
db:NVDid:CVE-2017-12638

LAST UPDATE DATE
2025-04-20T23:42:05.096000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-103180date:2017-10-10T00:00:00
db:JVNDBid:JVNDB-2017-008529date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201710-444date:2017-10-17T00:00:00
db:NVDid:CVE-2017-12638date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-103180date:2017-10-03T00:00:00
db:JVNDBid:JVNDB-2017-008529date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201710-444date:2017-10-17T00:00:00
db:NVDid:CVE-2017-12638date:2017-10-03T01:29:01.263