top of page

[Remote Code Execution (RCE) Vulnerability]

This advisory addresses a security issue reported and patched in CelloOS version 4.5.0 and in earlier versions. 


It is recommended to update to CelloOS version 4.5 Build0529 or versions after to resolve this security vulnerability. 


  1. Cause: The SMTP Listener failed to effectively detect the length and content of SMTP session commands, resulting in a Buffer Overflow vulnerability. This vulnerability can be exploited for Remote Code Execution (RCE). 


  1. Fix: The Buffer Overflow vulnerability has been fixed, and syntax checks for all SMTP session commands have been enhanced. 


The Cellopoint Support Team will assist you with the upgrade. 

Technical support email: support@cellopoint.com

Recent Posts

Comments


bottom of page