Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

E-Mail Security Virtual Appliance Command Injection Vulnerability in learn-msg.cgi

Vulnerability

A command injection vulnerability has been identified in the E-Mail Security Virtual Appliance (ESVA) version ESVA_2057. The vulnerability resides in the learn-msg.cgi script, where the CGI handler fails to properly sanitize user input provided through the id parameter. Because the endpoint requires no authentication, an unauthenticated attacker can inject and execute arbitrary shell commands on the underlying system, resulting in full command execution.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where ESVA is running.

Reproduction

To reproduce this vulnerability, send a GET request to the '/cgi-bin/learn-msg.cgi' endpoint with an injected command in the 'id' parameter. The injection can be verified by including a command that echoes back output, such as 'echo test'. If the response includes the echoed text, the vulnerability has been successfully exploited.
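For detection, the same request pattern can be searched for in the web server access log. The following is an added example, not part of the original advisory or vendor code; it assumes an Apache/NCSA combined-format log and a hypothetical allowlist for legitimate id values, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: access log in Apache/NCSA combined format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption (hypothetical): a legitimate message id uses only these characters.
SAFE_ID = re.compile(r'[A-Za-z0-9._-]{1,64}')
ENDPOINT = "/cgi-bin/learn-msg.cgi"


def suspicious_requests(lines):
    """Return (ip, timestamp, decoded id) for learn-msg.cgi requests
    whose id parameter falls outside the allowlist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so encoded shell
        # metacharacters (%3B, %7C, %0A, ...) are caught as well.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            # fullmatch also rejects a trailing newline, which '$' would allow.
            if not SAFE_ID.fullmatch(value):
                hits.append((m["ip"], m["ts"], value))
    return hits


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Aug/2025:19:40:01 +0000] '
    '"GET /cgi-bin/learn-msg.cgi?id=4F2A1B-0C9D HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Aug/2025:19:41:13 +0000] '
    '"GET /cgi-bin/learn-msg.cgi?id=x%3Becho%20test HTTP/1.1" 200 530',
    '203.0.113.5 - - [08/Aug/2025:19:42:44 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, ts, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} id={value!r}")
```

Any hit is worth triage, since the endpoint is reachable without authentication; the allowlist should be tightened to whatever id format the appliance actually issues.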

Added: Aug 8, 2025, 7:37 PM
Updated: Aug 8, 2025, 8:58 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 0.3
threat: 9.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.