Axigen Mail Server Improper Access Control Vulnerability in WebAdmin Interface

Vulnerability

A vulnerability allowing improper access control has been identified in Axigen Mail Server versions 10.3.x, 10.4.x, 10.5.x prior to 10.5.57, and 10.6.x prior to 10.6.26. This vulnerability exists in the WebAdmin interface, where a delegated admin account with no permissions can bypass access controls and access the SSL Certificates management endpoint. This unauthorized access allows the admin to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section. Exploitation of this vulnerability could lead to manipulation of SSL certificates, potentially causing man-in-the-middle attacks, service disruption, or domain impersonation. Furthermore, this access could be used to exploit existing cross-site scripting vulnerabilities on the SSL Certificates page, targeting other administrator accounts and possibly leading to a complete system compromise.

Impact

Exploitation of this vulnerability could allow unauthorized access to SSL certificate management, enabling manipulation of SSL certificates. This could result in man-in-the-middle attacks, service disruption, or domain impersonation. Additionally, the vulnerability could be exploited to target other administrator accounts through existing cross-site scripting vulnerabilities, potentially leading to a complete system compromise.

Remediation

Users are advised to update to Axigen Mail Server version 10.5.57 or 10.6.26, depending on their current version.
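For a fleet check, the affected ranges above and the fixed releases named in the remediation can be turned into a small version test. The following is an added example for this advisory, not Axigen's own code: it parses an Axigen version string, reports whether it falls in an affected range (10.3.x, 10.4.x, 10.5.x before 10.5.57, 10.6.x before 10.6.26), and names the fixed release to move to. The version strings in the sample run are constructed, and treating 10.5.57 as the upgrade target for the 10.3.x and 10.4.x branches is an interpretation of the remediation text, since the advisory names no fixed build inside those branches.

```python
"""Check Axigen Mail Server version strings against the ranges in this advisory.

Added example, not Axigen's code. Sample versions are constructed.
"""
import re

# Fixed patch level for the branches where the advisory names a fixed build.
FIXED_PATCH = {(10, 5): 57, (10, 6): 26}

# Branches the advisory lists as affected without naming a fixed build in-branch.
# Assumption: the sensible target for these is the lowest fixed release, 10.5.57.
AFFECTED_NO_INBRANCH_FIX = {(10, 3), (10, 4)}
UPGRADE_TARGET_FOR_OLD_BRANCHES = "10.5.57"


def parse_version(text):
    """Return (major, minor, patch) from strings such as '10.5.56' or '10.6.26-1'.

    A missing patch component is treated as 0. Anything else is rejected rather
    than silently classified, so an unparseable inventory row stands out.
    """
    match = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised Axigen version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(text):
    """True if the version falls inside an affected range from the advisory."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in AFFECTED_NO_INBRANCH_FIX:
        return True
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return False  # branch not named in the advisory
    return patch < fixed


def recommended_fix(text):
    """Fixed release to update to, or None if the version is not affected."""
    if not is_affected(text):
        return None
    major, minor, _ = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return f"{major}.{minor}.{FIXED_PATCH[branch]}"
    return UPGRADE_TARGET_FOR_OLD_BRANCHES  # assumption, see comment above


def assess(versions):
    """Map each version string to a dict describing its status."""
    return {
        v: {"affected": is_affected(v), "update_to": recommended_fix(v)}
        for v in versions
    }


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["10.4.12", "10.5.56", "10.5.57", "10.6.25", "10.6.26-1", "10.7.0"]
    for version, status in assess(sample).items():
        state = "AFFECTED -> update to " + status["update_to"] if status["affected"] else "not affected"
        print(f"{version:<10} {state}")
```

The check compares only the major.minor.patch components; a build suffix such as `-1` is ignored, which matches how the advisory states its boundaries.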

Added: Feb 5, 2026, 4:18 PM
Updated: Feb 5, 2026, 9:56 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 5.4
remediation: 7.7
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.