CVE-2020-13376

9.0 CRITICAL

📋 TL;DR

This vulnerability in SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files via a crafted cookie, leading to remote command execution on the underlying operating system. It affects organizations using the vulnerable version of SecurEnvoy's email security product.

💻 Affected Systems

Products:
  • SecurEnvoy SecurMail
Versions: 9.3.503
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SecurMail to be exposed to untrusted networks or users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the server, data exfiltration, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to data theft, service disruption, or deployment of ransomware/malware.

🟢 If Mitigated

Limited impact with proper network segmentation, but still potential for initial foothold in the environment.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting a specific cookie value to trigger file upload and path traversal.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.504 or later

Vendor Advisory: https://www.securenvoy.com/en-gb/support

Restart Required: Yes

Instructions:

1. Contact SecurEnvoy support for patch
2. Apply patch following vendor instructions
3. Restart SecurMail service
4. Verify fix is applied

🔧 Temporary Workarounds

Cookie Validation Filter

Platform: all

Implement web application firewall or reverse proxy rules to validate and sanitize SecurEnvoyReply cookie values

File Upload Restriction

Platform: windows

Configure SecurMail to restrict uploads to non-executable file types only

🧯 If You Can't Patch

  • Isolate SecurMail server in a DMZ with strict inbound/outbound firewall rules
  • Implement network segmentation to limit lateral movement from compromised server

🔍 How to Verify

Check if Vulnerable:

Check the SecurMail version in the administrative interface; if the version is 9.3.503, the system is vulnerable.

Check Version:

Check SecurMail web interface > About or System Information

Verify Fix Applied:

Verify that the version shown in the administrative interface is 9.3.504 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads via SecurMail interface
  • Suspicious SecurEnvoyReply cookie values in web logs
  • Unexpected process execution on SecurMail server

Network Indicators:

  • Unusual outbound connections from SecurMail server
  • File uploads to unexpected locations

SIEM Query:

source="securenvoy" AND (cookie="SecurEnvoyReply" OR path="*upload*")
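
One way to act on the "Suspicious SecurEnvoyReply cookie values in web logs" indicator, as an added example that is not part of the original advisory or any vendor tooling: it flags log lines whose SecurEnvoyReply cookie decodes to a path-traversal pattern, including double-encoded values. The IIS W3C-style log layout, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "SecurEnvoyReply"  # cookie named in the advisory

# Assumed log layout: IIS W3C style, cookies joined by ';' with spaces as '+'.
COOKIE_RE = re.compile(r"(?:^|[\s;+])" + re.escape(COOKIE_NAME) + r"=([^;\s]*)", re.I)

# Traversal markers after decoding: ../ or ..\, a drive-letter path, a UNC path.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]|^[a-zA-Z]:[\\/]|^\\\\")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values (%252e) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_cookie(line):
    """Return the decoded cookie value if it contains traversal, else None."""
    match = COOKIE_RE.search(line)
    if not match:
        return None
    value = decode_fully(match.group(1))
    return value if TRAVERSAL_RE.search(value) else None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_cookie(line)) is not None]


# Constructed sample lines (not real traffic); path and addresses are placeholders.
SAMPLE_LOG = [
    "2020-06-01 10:00:01 GET /example/page - 443 198.51.100.7 SessionId=abc;+SecurEnvoyReply=msg12345 200",
    "2020-06-01 10:00:05 POST /example/page - 443 203.0.113.9 SecurEnvoyReply=..%2f..%2fplaceholder.txt 200",
    "2020-06-01 10:00:09 POST /example/page - 443 203.0.113.9 SecurEnvoyReply=%252e%252e%255cplaceholder.txt 200",
    "2020-06-01 10:00:12 GET /example/page - 443 198.51.100.7 - 200",
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious {COOKIE_NAME} value {value!r}")
```

A hit is a lead for review rather than proof of compromise; correlate it with the file-upload and process-execution indicators listed above.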
