CVE-2023-46116

9.3 CRITICAL

📋 TL;DR

Tutanota (Tuta Mail) desktop client versions before 3.118.12 do not validate the URL scheme of a link before handing it to the operating system. An attacker can therefore craft an email containing a link with an ftp:, smb: or other non-http scheme that the OS handler will act on, which can lead to attacker-supplied code running on the victim's machine once the link is clicked. Every Tutanota desktop user on a vulnerable version is affected.
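The underlying mistake is a client that forwards whatever a link contains to the platform's URL handler. The following added example (not Tutanota's code; the function names and sample links are invented for illustration) contrasts a denylist-style check with an allowlist check built on the WHATWG URL parser, which is the shape of fix a desktop client wants before calling something like Electron's shell.openExternal:

```javascript
// Added example, not code from Tutanota: scheme validation for a link that a
// desktop mail client is about to hand to the operating system (in Electron,
// typically via shell.openExternal). Function names here are hypothetical.

// Schemes a mail client has a legitimate reason to open externally.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Weak check: a denylist of a few "known bad" prefixes. Anything not listed
// (smb:, ftp:, ...) passes, and so do variants the WHATWG URL parser would
// normalise away, such as an embedded tab in "java<TAB>script:".
function naiveIsSafe(href) {
  const lower = href.toLowerCase();
  return !lower.startsWith('javascript:') && !lower.startsWith('file:');
}

// Hardened check: parse with the WHATWG URL parser (strips leading/trailing
// whitespace and embedded tabs/newlines, lowercases the scheme), then accept
// only allowlisted schemes. Anything that fails to parse, including a bare
// UNC path such as \\host\share\x.exe, is rejected rather than passed on.
function isSafeExternalUrl(href) {
  let parsed;
  try {
    parsed = new URL(href);
  } catch {
    return false; // relative, empty or malformed: never hand it to the OS
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// The gate a link-click handler would call. openFn stands in for the
// platform call that actually launches the URL.
function openExternalLink(href, openFn) {
  if (!isSafeExternalUrl(href)) {
    return { opened: false, reason: 'scheme not allowlisted' };
  }
  openFn(href);
  return { opened: true, reason: null };
}

// Constructed sample links of the kind an attacker could place in an email.
const SAMPLE_LINKS = [
  'https://billing.example.com/inv/42',
  'smb://attacker.invalid/share/invoice.exe',
  'ftp://attacker.invalid/pub/update',
  '\\\\attacker.invalid\\share\\tool.exe',
  'java\tscript:alert(1)',
  'mailto:support@example.com',
];

// Side-by-side verdicts, so the gap between the two checks is visible.
function compareChecks(links = SAMPLE_LINKS) {
  return links.map((href) => ({
    href,
    naive: naiveIsSafe(href),
    hardened: isSafeExternalUrl(href),
  }));
}

console.table(compareChecks());
```

The denylist passes the smb:, ftp: and UNC links untouched and is fooled by the tab-split javascript: link; the allowlist rejects all of them and only lets the https: and mailto: links through. The point is the direction of the check: decide what may be opened, not what may not.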

💻 Affected Systems

Products:
  • Tutanota (Tuta Mail) desktop client
Versions: All versions prior to 3.118.12
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects desktop applications, not mobile apps or web interface.

📦 What is this software?

Tutanota (now Tuta Mail) is an end-to-end encrypted email service from Tutao GmbH. It is available as a web client, as Electron-based desktop clients for Windows, macOS and Linux, and as mobile apps; this advisory concerns only the desktop clients.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full system compromise, allowing attacker to install malware, steal data, or pivot to other systems.

🟠

Likely Case

Targeted phishing campaigns delivering malware or ransomware via crafted email links.

🟢

If Mitigated

No impact once the patched version is installed. Relying on users not to click links is not a dependable control, since the visible link text can differ from the target.

🌐 Internet-Facing: HIGH - Attackers can send malicious emails from anywhere on the internet.
🏢 Internal Only: MEDIUM - Internal phishing campaigns could exploit this, but requires user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Authentication Required: No (the attacker only has to get an email in front of the victim)
User Interaction: Required (the victim must click the link)
Complexity: LOW

Exploitation requires the victim to click a malicious link in an email; no credentials or prior access to the victim's system are needed. A proof-of-concept video demonstrates the attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.118.12

Vendor Advisory: https://github.com/tutao/tutanota/security/advisories/GHSA-mxgj-pq62-f644

Restart Required: Yes

Instructions:

1. Open the Tutanota desktop application.
2. Check for updates in the settings or about menu.
3. Download and install version 3.118.12 or later.
4. Restart the application.

🔧 Temporary Workarounds

Disable external link opening
  Applies to: all platforms
  Configure Tutanota to not open links in external applications.
  Command: not applicable; configure in application settings.

Use web or mobile version
  Applies to: all platforms
  Switch to the Tutanota web interface or mobile apps, which are not affected.
  Command: not applicable.

🧯 If You Can't Patch

  • Filter inbound mail at the gateway for links whose target uses a non-http(s) scheme (smb:, ftp:, file:) or a UNC path, and quarantine or rewrite such messages
  • Train users not to click links in unsolicited email, and remind them that the visible link text can differ from the actual target
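One way to implement the gateway filtering above, as an added example that is not part of the advisory or of any mail product (the sample message, function names and hosts are constructed): extract every anchor from the HTML body, classify its target by scheme, and additionally catch links whose display text names a different host than the target.

```javascript
// Added example, not part of the advisory or of any mail-gateway product: a
// scanner for inbound HTML mail that flags links a vulnerable desktop client
// would forward to the OS. The sample message and all names are constructed.

// Schemes a link in a mail body is allowed to use.
const SAFE_LINK_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Matches <a ... href="..."> ... </a>. A regex is enough for this example;
// a production filter should use a real HTML parser.
const ANCHOR_RE = /<a\b[^>]*?\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;

function extractLinks(html) {
  const links = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    links.push({ href: m[2], text: m[3].replace(/<[^>]+>/g, '').trim() });
  }
  return links;
}

// Scheme of an absolute URL ('smb:', 'https:', ...), or null when the value
// does not parse as one (a bare UNC path \\host\share lands here).
function schemeOf(value) {
  try {
    return new URL(value.trim()).protocol;
  } catch {
    return null;
  }
}

function scanHtmlBody(html) {
  const findings = [];
  for (const { href, text } of extractLinks(html)) {
    const scheme = schemeOf(href);
    if (scheme === null) {
      findings.push({ href, text, reason: 'target is not an absolute URL (UNC path or malformed)' });
    } else if (!SAFE_LINK_SCHEMES.has(scheme)) {
      findings.push({ href, text, reason: `disallowed scheme ${scheme}` });
    } else if (/^https?:\/\//i.test(text)) {
      // Link text that looks like a URL but names a different host is the
      // classic way to disguise where a link really goes.
      let textHost = null;
      try { textHost = new URL(text).host; } catch { /* not a URL, ignore */ }
      const targetHost = new URL(href.trim()).host;
      if (textHost !== null && textHost !== targetHost) {
        findings.push({ href, text, reason: `link text names ${textHost}, target is ${targetHost}` });
      }
    }
  }
  return findings;
}

// Gateway decision: any finding is enough to hold the message.
function verdict(html) {
  return scanHtmlBody(html).length > 0 ? 'quarantine' : 'deliver';
}

// Constructed phishing body mixing legitimate and dangerous links.
const SAMPLE_BODY = `
<p>Your invoice is ready.</p>
<p><a href="https://billing.example.com/inv/42">View invoice</a></p>
<p><a href="smb://attacker.invalid/share/invoice.exe">https://billing.example.com/inv/42</a></p>
<p><a href='ftp://attacker.invalid/pub/update'>Download update</a></p>
<p><a href="\\\\attacker.invalid\\share\\tool.exe">Open tool</a></p>
<p><a href="mailto:support@example.com">Contact support</a></p>
`;

console.log(verdict(SAMPLE_BODY), scanHtmlBody(SAMPLE_BODY));
```

On the sample body the scanner reports three findings (the smb: link, the ftp: link and the UNC-path link) and returns a quarantine verdict; the https: and mailto: links pass. Treating an unparsable target as a finding rather than ignoring it is deliberate: a mail link that is not an absolute URL has no legitimate reason to exist.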

🔍 How to Verify

Check if Vulnerable:

Check Tutanota version in Help > About menu. If version is below 3.118.12, you are vulnerable.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

After updating, verify version is 3.118.12 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • A child process spawned by the Tutanota desktop client (Explorer, the default browser, a file manager) whose command line carries an smb://, ftp:// or file:// URL or a UNC path
  • Outbound SMB (TCP 445) or FTP (TCP 21) connections from the workstation within seconds of such a child process starting; the connection comes from the OS component that handles the scheme, not from Tutanota itself

Network Indicators:

  • Outbound SMB (445) or FTP (21) connections from user workstations to hosts outside the organisation; SMB egress to the internet has no legitimate use on most networks and should be blocked at the perimeter regardless of this CVE

SIEM Query:

parent_process_name:"Tutanota.exe" AND (cmdline:"smb://*" OR cmdline:"ftp://*" OR cmdline:"file://*" OR cmdline:"\\\\*")

The clicked URL lands on the command line of the process the operating system spawns to handle it, not on Tutanota's own command line, so the query pivots on the parent process. A clause such as cmdline:*://* would fire on every ordinary https link click and is left out. Substitute the actual binary name for your platform, since it differs between the Windows, macOS and Linux builds.
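The logic behind that query, as an added example that is not taken from the page or from any SIEM product, run over constructed process-creation events in a Sysmon-like shape (field names, paths, hostnames and the Tutanota binary name are all assumptions):

```javascript
// Added example, not from the page's SIEM or any vendor: the detection logic
// behind a parent/child query, run over constructed process-creation events in
// a Sysmon-like shape. Field names, paths and the Tutanota binary name are
// assumptions; confirm the real binary name on each platform before deploying.

// The URL a mail client opens ends up on the command line of the child the OS
// spawns for it (Explorer, a browser, ...), so the parent is what ties the
// event back to the mail client.
const MAIL_CLIENT_PARENT = /tutanota/i;

// Schemes and UNC paths that have no business coming out of a mail link.
const DANGEROUS_TARGET = /\b(?:smb|ftp|file):|\\\\[^\\\s]+\\/i;

// Constructed events (timestamps, hosts and paths are invented).
const SAMPLE_EVENTS = [
  { ts: '2023-10-24T10:01:02Z', host: 'ws-17',
    parentImage: 'C:\\Users\\alice\\AppData\\Local\\Programs\\tutanota-desktop\\Tutanota.exe',
    image: 'C:\\Windows\\explorer.exe',
    commandLine: 'C:\\Windows\\explorer.exe smb://attacker.invalid/share/invoice.exe' },
  { ts: '2023-10-24T10:01:40Z', host: 'ws-17',
    parentImage: 'C:\\Users\\alice\\AppData\\Local\\Programs\\tutanota-desktop\\Tutanota.exe',
    image: 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
    commandLine: '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" https://billing.example.com/inv/42' },
  { ts: '2023-10-24T10:02:11Z', host: 'ws-03',
    parentImage: 'C:\\Windows\\explorer.exe',
    image: 'C:\\Windows\\System32\\cmd.exe',
    commandLine: 'cmd.exe /c dir \\\\fileserver.corp.example\\share' },
  { ts: '2023-10-24T10:05:09Z', host: 'ws-17',
    parentImage: 'C:\\Users\\alice\\AppData\\Local\\Programs\\tutanota-desktop\\Tutanota.exe',
    image: 'C:\\Windows\\explorer.exe',
    commandLine: 'C:\\Windows\\explorer.exe \\\\attacker.invalid\\share\\tool.exe' },
];

function basename(path) {
  return path.split(/[\\/]/).pop();
}

// Returns an alert for one event, or null when it is benign.
function classify(ev) {
  if (!MAIL_CLIENT_PARENT.test(basename(ev.parentImage))) return null;
  const hit = ev.commandLine.match(DANGEROUS_TARGET);
  if (!hit) return null; // ordinary https link clicks stay quiet
  return {
    ts: ev.ts,
    host: ev.host,
    child: basename(ev.image),
    indicator: hit[0],
    commandLine: ev.commandLine,
  };
}

function detect(events = SAMPLE_EVENTS) {
  return events.map(classify).filter((alert) => alert !== null);
}

console.log(detect());
```

Two of the four constructed events alert: the Explorer child carrying an smb:// URL and the one carrying a UNC path. The https link opened in Chrome stays quiet, and the UNC path typed into cmd.exe under Explorer stays quiet because its parent is not the mail client, which is the filter that keeps this rule from paging on normal file-share use.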

🔗 References

  • Vendor advisory (GHSA-mxgj-pq62-f644): https://github.com/tutao/tutanota/security/advisories/GHSA-mxgj-pq62-f644
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-46116