CVE-2023-34207

9.9 CRITICAL

📋 TL;DR

This vulnerability allows remote authenticated users to upload malicious ZIP archives that execute arbitrary system commands with SYSTEM privileges in EasyUse MailHunter Ultimate. Attackers can achieve full system compromise on affected installations. Exploitation requires an authenticated account on the application.

💻 Affected Systems

Products:
  • EasyUse MailHunter Ultimate
Versions: 2023 and earlier
Operating Systems: Windows (based on NT Authority\SYSTEM reference)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the create template function. The application must be running with SYSTEM privileges for maximum impact.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with SYSTEM privileges, enabling data theft, ransomware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Attackers with valid credentials upload malicious ZIP files to execute commands, install malware, or exfiltrate sensitive data from the compromised system.

🟢 If Mitigated

With proper network segmentation and least privilege, impact is limited to the application server, though SYSTEM access still provides significant control.

🌐 Internet-Facing: HIGH if the application is exposed to the internet, as authenticated users can exploit it remotely.
🏢 Internal Only: HIGH as authenticated internal users or compromised credentials can lead to full system compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained. The vulnerability involves uploading a crafted ZIP archive to trigger command execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Check the vendor website for updates or consider alternative software.

🔧 Temporary Workarounds

  • Restrict ZIP file uploads (applies to: all)
    Block or filter ZIP file uploads through a web application firewall or application configuration
  • Remove application from internet (applies to: all)
    Ensure the application is only accessible from internal networks with strict access controls

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the application server from critical systems
  • Apply least privilege principles to service accounts and monitor for suspicious file upload activities

🔍 How to Verify

Check if Vulnerable:

Check if running EasyUse MailHunter Ultimate version 2023 or earlier. Review application logs for ZIP file uploads to the create template function.

Check Version:

Check application interface or installation directory for version information (specific command unavailable)

Verify Fix Applied:

Verify by testing if malicious ZIP uploads are blocked or if the application has been updated to a version after 2023.

📡 Detection & Monitoring

Log Indicators:

  • Unusual ZIP file uploads to create template function
  • Process execution with SYSTEM privileges following file uploads

Network Indicators:

  • HTTP POST requests with ZIP file uploads to template creation endpoints

SIEM Query:

source="web_logs" AND (uri_path="/create_template" OR uri_path LIKE "%/template%") AND file_extension="zip"
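The indicators above can be turned into a two-stage detection: flag ZIP uploads to template-creation endpoints (the same condition the SIEM query expresses), then escalate only those that are followed shortly by process creation as NT AUTHORITY\SYSTEM. Uploading a ZIP template is a legitimate feature, so the upload alone is low-confidence; the correlation is what makes it actionable. The example below is added here and is not part of the original advisory; the key=value log format, the field names (ts, method, uri_path, file_extension, user, src_ip, image), the sample log lines and the 60-second window are all constructed assumptions.

```python
"""Two-stage detection for the indicators listed on this page (constructed data).

Stage 1 mirrors the SIEM query: POST to /create_template or any */template*
path carrying a .zip upload.  Stage 2 correlates each such upload with a
process started as NT AUTHORITY\\SYSTEM within a short window afterwards.
Log format and field names are hypothetical; adapt to your own telemetry.
"""
import re
from datetime import datetime, timedelta

# Constructed web-application log lines (key=value, hypothetical fields).
WEB_LOGS = [
    'ts=2024-05-01T10:00:01 src_ip=10.0.0.5 user=alice method=GET uri_path=/login file_extension=- status=200',
    'ts=2024-05-01T10:00:15 src_ip=10.0.0.5 user=alice method=POST uri_path=/create_template file_extension=zip status=200',
    'ts=2024-05-01T10:02:30 src_ip=10.0.0.9 user=bob method=POST uri_path=/mail/template/import file_extension=zip status=200',
    'ts=2024-05-01T10:03:00 src_ip=10.0.0.9 user=bob method=POST uri_path=/mail/template/import file_extension=html status=200',
    'ts=2024-05-01T10:05:00 src_ip=10.0.0.7 user=carol method=POST uri_path=/upload/attachment file_extension=zip status=200',
]

# Constructed process-creation log lines from the application host (hypothetical fields).
PROC_LOGS = [
    'ts=2024-05-01T10:00:17 host=mailhunter01 user="NT AUTHORITY\\SYSTEM" image=C:\\Windows\\System32\\cmd.exe',
    'ts=2024-05-01T10:30:00 host=mailhunter01 user="NT AUTHORITY\\SYSTEM" image=C:\\Windows\\System32\\svchost.exe',
]

SYSTEM_USER = "NT AUTHORITY\\SYSTEM"


def parse_kv(line):
    """Parse one key=value log line; quoted values may contain spaces."""
    fields = {}
    for key, raw in re.findall(r'(\w+)=("[^"]*"|\S+)', line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def is_template_zip_upload(event):
    """Stage 1: the page's SIEM condition expressed in code."""
    path = event.get("uri_path", "")
    return (
        event.get("method") == "POST"
        and (path == "/create_template" or "/template" in path)
        and event.get("file_extension", "").lower() == "zip"
    )


def find_uploads(lines):
    """Return every web event that matches the template ZIP upload condition."""
    return [ev for ev in map(parse_kv, lines) if is_template_zip_upload(ev)]


def correlate(uploads, proc_lines, window_s=60):
    """Stage 2: pair each upload with SYSTEM process starts that follow it
    within window_s seconds.  Each hit is a dict suitable for an alert."""
    procs = [parse_kv(line) for line in proc_lines]
    hits = []
    for up in uploads:
        t0 = datetime.fromisoformat(up["ts"])
        for proc in procs:
            if proc.get("user") != SYSTEM_USER:
                continue
            delay = datetime.fromisoformat(proc["ts"]) - t0
            # Only processes started after the upload, inside the window, count.
            if timedelta(0) <= delay <= timedelta(seconds=window_s):
                hits.append({
                    "user": up.get("user"),
                    "src_ip": up.get("src_ip"),
                    "uri_path": up.get("uri_path"),
                    "image": proc.get("image"),
                    "delay_s": delay.total_seconds(),
                })
    return hits


if __name__ == "__main__":
    uploads = find_uploads(WEB_LOGS)
    print(f"stage 1: {len(uploads)} template ZIP upload(s)")
    for hit in correlate(uploads, PROC_LOGS):
        print("stage 2 ALERT:", hit)
```

Running the block on the constructed data flags two uploads at stage 1 (alice and bob) but only alice's is followed by a SYSTEM-level process within the window, so only that one is escalated; bob's upload and carol's ZIP to a non-template endpoint stay as low-confidence or unmatched events.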
