Executive Summary

SmarterTools SmarterMail contains a missing-authentication-for-critical-function vulnerability in the ConnectToHub API method. Because the method can be called without authentication, an attacker could point the SmarterMail instance at a malicious HTTP server that serves a malicious OS command, which could lead to command execution on the SmarterMail host.

CVSS Score: 9.0/10.0
Severity: CRITICAL

Affected Systems

  • SmarterTools SmarterMail

Detection & Mitigation

  • Apply vendor patches as soon as available
  • Monitor for indicators of compromise
  • Review vendor advisories for specific guidance
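The following is an added detection example, not code from the advisory or from SmarterTools: it scans web-server access log lines for ConnectToHub calls that succeeded without an authenticated user or from outside the administrative network, and adds an allowlist check for the hub URL the instance is told to connect to, which goes beyond the generic mitigations listed above. The log layout, the `/api/connect-to-hub` path and the admin network range are constructed assumptions, not SmarterMail's real format.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample log in a simplified "date time client-ip method path user status" layout.
# The path /api/connect-to-hub is a placeholder for the ConnectToHub method; SmarterMail's real
# endpoint path and log format are not given in the advisory and are assumptions here.
SAMPLE_LOG = """\
2024-01-10 10:00:01 203.0.113.7 POST /api/connect-to-hub - 200
2024-01-10 10:00:05 192.168.1.20 POST /api/connect-to-hub admin 200
2024-01-10 10:00:09 203.0.113.7 POST /api/connect-to-hub - 200
2024-01-10 10:01:00 203.0.113.7 GET /api/mail/folders - 401
"""

HUB_PATH = "/api/connect-to-hub"  # assumed placeholder, see comment above
ADMIN_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # constructed: where admins normally work

def parse_line(line):
    """Split one log line into its fields; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    date, time, ip, method, path, user, status = parts
    return {"ts": f"{date} {time}", "ip": ip, "method": method,
            "path": path, "user": None if user == "-" else user, "status": int(status)}

def suspicious_hub_calls(log_text):
    """Return ConnectToHub requests that succeeded without an authenticated user
    or that came from outside the administrative networks."""
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec or rec["path"] != HUB_PATH or rec["status"] >= 400:
            continue
        src = ipaddress.ip_address(rec["ip"])
        reasons = []
        if rec["user"] is None:
            reasons.append("no authenticated user")
        if not any(src in net for net in ADMIN_NETS):
            reasons.append("source outside admin networks")
        if reasons:
            hits.append((rec["ts"], rec["ip"], reasons))
    return hits

def hub_url_allowed(url, allowed_hosts):
    """Hardening check for the hub address: require HTTPS and a host on an explicit
    allowlist, so an unexpected server such as the malicious HTTP server the advisory
    describes is rejected before the instance connects to it."""
    u = urlparse(url)
    return u.scheme == "https" and u.hostname is not None and u.hostname in allowed_hosts

if __name__ == "__main__":
    for ts, ip, reasons in suspicious_hub_calls(SAMPLE_LOG):
        print(f"{ts} {ip}: {', '.join(reasons)}")
    print(hub_url_allowed("http://203.0.113.7/hub", {"hub.example.internal"}))
```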

References