CVE-2020-28944

7.5 HIGH

📋 TL;DR

This vulnerability in OX Guard allows attackers to cause Denial of Service by exploiting a WKS server that responds slowly or with excessive data. It affects OX Guard version 2.10.4 and earlier, potentially disrupting email security services for organizations using this software.

💻 Affected Systems

Products:
  • OX Guard
Versions: 2.10.4 and earlier
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires OX Guard to be configured to use WKS (Web Key Service) servers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of OX Guard email security functionality, preventing email filtering and security scanning operations.

🟠 Likely Case

Degraded performance or temporary unavailability of OX Guard services, impacting email security operations.

🟢 If Mitigated

Minimal impact with proper network segmentation and rate limiting in place.

🌐 Internet-Facing: MEDIUM - Requires interaction with WKS server which may be internet-facing, but exploitation depends on specific configuration.
🏢 Internal Only: MEDIUM - Internal WKS servers could be targeted if network access exists.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to control or influence WKS server responses. Public exploit details available in Packet Storm references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OX Guard 2.10.5 or later

Vendor Advisory: https://open-xchange.com

Restart Required: Yes

Instructions:

1. Download latest OX Guard version from vendor portal.
2. Backup current configuration.
3. Stop OX Guard services.
4. Install updated version.
5. Restart services.
6. Verify functionality.

🔧 Temporary Workarounds

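Network Segmentation (linux)

Restrict OX Guard's outbound access to trusted WKS servers only. Replace trusted_wks_server with the address of the trusted server. The second rule drops all other outbound TCP/443 traffic from the host, so place ACCEPT rules for any other HTTPS destinations the host needs ahead of it.

iptables -A OUTPUT -p tcp --dport 443 -d trusted_wks_server -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Rate Limiting (all platforms)

Implement rate limiting on WKS server responses by configuring web server rate limiting for the WKS endpoints.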

🧯 If You Can't Patch

  • Implement strict network controls to limit OX Guard's access to only essential, trusted WKS servers
  • Monitor WKS server response times and implement alerts for abnormal delays or large data transfers
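
The two conditions named above (abnormal delay, large transfer) can be checked by reading a WKS response under a total byte cap and an overall deadline. The following is an added example, not OX Guard code or the vendor's fix; the function names, the 64 KiB cap, the 5 second deadline and the test doubles are assumptions chosen for illustration.

```python
import io
import time

class WksResponseError(Exception):
    """Raised when a WKS response breaches the size or time budget."""

def read_bounded(resp, max_bytes=64 * 1024, deadline_s=5.0,
                 chunk=4096, clock=time.monotonic):
    """Read a response body under a total size cap and an overall deadline.

    A per-read socket timeout alone does not stop a server that drips one
    byte at a time, so the deadline is checked across the whole transfer.
    """
    start = clock()
    buf = bytearray()
    while True:
        if clock() - start > deadline_s:
            raise WksResponseError("deadline exceeded after %d bytes" % len(buf))
        # Request at most one byte past the cap: overflow is detectable
        # without ever buffering an unbounded body.
        data = resp.read(min(chunk, max_bytes + 1 - len(buf)))
        if not data:
            return bytes(buf)
        buf += data
        if len(buf) > max_bytes:
            raise WksResponseError("body larger than %d bytes" % max_bytes)

class SlowDrip:
    """Constructed test double: one byte per read, each 'taking' one second."""
    def __init__(self, body):
        self.body, self.now = io.BytesIO(body), 0.0
    def read(self, n):
        self.now += 1.0          # simulated time, no real sleeping
        return self.body.read(1)
    def clock(self):
        return self.now

def classify(resp, **kw):
    """Return ("ok", size) or ("alert", reason) for monitoring output."""
    try:
        return ("ok", len(read_bounded(resp, **kw)))
    except WksResponseError as exc:
        return ("alert", str(exc))

if __name__ == "__main__":
    slow = SlowDrip(b"x" * 100)                        # constructed input
    print(classify(io.BytesIO(b"k" * 1000)))           # normal-sized reply
    print(classify(io.BytesIO(b"k" * (64 * 1024 + 1))))  # oversized reply
    print(classify(slow, clock=slow.clock))            # slow-drip reply
```

In a real probe, `resp` would be the HTTP response object for the WKS lookup, opened with a connect and read timeout in addition to the overall deadline enforced here.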

🔍 How to Verify

Check if Vulnerable:

Check OX Guard version via admin interface or configuration files. Versions 2.10.4 and earlier are vulnerable.

Check Version:

grep version /opt/open-xchange/etc/guard.properties

Verify Fix Applied:

Verify OX Guard version is 2.10.5 or later and test WKS functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long WKS server response times
  • Large data transfers from WKS servers
  • OX Guard service restarts or crashes

Network Indicators:

  • Abnormal traffic patterns to/from WKS servers
  • Sustained connections to WKS servers

SIEM Query:

source="ox-guard.log" AND ("WKS timeout" OR "response too large" OR "service unavailable")

🔗 References
