Vulnerabilities > CVE-2022-35223 - Deserialization of Untrusted Data vulnerability in Easyuse Mailhunter Ultimate 2020

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

easyuse

CWE-502

critical

NVD

Published: 2022-08-02

Updated: 2022-10-26

Summary

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service.

Vulnerable Configurations

Part	Description	Count
Application	Easyuse Easyuse Mailhunter Ultimate - Easyuse Mailhunter Ultimate 2020	2

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.twcert.org.tw/tw/cp-132-6365-b056c-1.html
https://www.chtsecurity.com/news/a381467e-74ff-4a8c-a4d3-fc86720f5400