CVE-2024-24133

9.8 CRITICAL

📋 TL;DR

CVE-2024-24133 is a critical SQL injection vulnerability in Atmail v6.6.0 that allows attackers to execute arbitrary SQL commands via the username parameter on the login page. This affects all organizations running the vulnerable version of Atmail email server software. Successful exploitation could lead to authentication bypass, data theft, or complete system compromise.

💻 Affected Systems

Products:
  • Atmail
Versions: v6.6.0
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version 6.6.0; earlier or later versions may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to credential theft, data exfiltration, privilege escalation to system-level access, and potential installation of persistent backdoors.

🟠 Likely Case

Authentication bypass allowing unauthorized access to email accounts, extraction of sensitive user data, and potential lateral movement within the email system.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation preventing database access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via login page requires no authentication and has public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.6.1 or later

Vendor Advisory: https://atmail.com/security-advisory/

Restart Required: Yes

Instructions:

1. Backup current configuration and data.
2. Download latest Atmail version from official vendor.
3. Follow vendor upgrade documentation.
4. Restart Atmail services.
5. Verify functionality.

🔧 Temporary Workarounds

Web Application Firewall (WAF)
Applies to: all

Deploy WAF rules to block SQL injection patterns in login requests

Input Validation Filter
Applies to: all

Implement custom input validation to sanitize username parameter

🧯 If You Can't Patch

  • Implement network segmentation to isolate Atmail server from critical databases
  • Deploy intrusion detection systems monitoring for SQL injection patterns

🔍 How to Verify

Check if Vulnerable:

Check Atmail version via admin interface or configuration files; if version is exactly 6.6.0, system is vulnerable.

Check Version:

cat /path/to/atmail/version.txt or check admin dashboard

Verify Fix Applied:

Verify Atmail version is 6.6.1 or later and test login functionality with SQL injection payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL syntax in username field
  • Database connection errors

Network Indicators:

  • HTTP POST requests to login endpoint containing SQL keywords (UNION, SELECT, etc.)
  • Unusual database traffic patterns

SIEM Query:

source="atmail.logs" AND ("sql" OR "syntax" OR "union" OR "select") AND uri_path="/login"
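As an added example (not from this advisory or the Atmail project), a small Python checker that applies the log indicators above to constructed request-log lines: it picks out POST requests to /login, URL-decodes the username field, and flags values containing SQL keywords or quote/comment metacharacters, using word boundaries so ordinary names such as "selection" do not trigger. The log line format and field names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample lines (not real Atmail logs), assumed format:
# "<METHOD> <PATH> <form body>" as a request log might record them.
SAMPLE_LOG = [
    "POST /login username=alice&password=s3cret",
    "POST /login username=selection.team&password=x",       # benign, contains "select"
    "POST /login username=bob'%20OR%201%3D1--&password=x",   # quote + comment metachars
    "POST /login username=eve%20UNION%20SELECT%201%2C2&password=x",  # SQL keywords
    "GET /inbox page=1",                                      # not a login request
]

# Keywords from the advisory's network indicators, matched as whole words.
SQL_KEYWORDS = re.compile(r"\b(union|select|insert|update|delete|drop|sleep)\b", re.I)
# Quote and comment sequences that rarely belong in a legitimate username.
SQL_METACHARS = re.compile(r"(--|/\*|\*/|;|')")

def username_from_line(line):
    """Return the username form field of a POST /login line, else None."""
    parts = line.split(" ", 2)
    if len(parts) < 3 or parts[0] != "POST" or parts[1] != "/login":
        return None
    fields = parse_qs(parts[2], keep_blank_values=True)  # decodes %xx once
    values = fields.get("username")
    return values[0] if values else None

def is_suspicious(username):
    """True if the (decoded) username carries SQL keywords or metacharacters."""
    decoded = unquote_plus(username)  # second decode catches double-encoded values
    return bool(SQL_KEYWORDS.search(decoded) or SQL_METACHARS.search(decoded))

def flag_suspicious_logins(lines):
    """Return the decoded usernames of login attempts worth alerting on."""
    hits = []
    for line in lines:
        user = username_from_line(line)
        if user is not None and is_suspicious(user):
            hits.append(user)
    return hits

if __name__ == "__main__":
    for user in flag_suspicious_logins(SAMPLE_LOG):
        print("suspicious login username:", user)
```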
