๐Ÿ›ก [email protected]/:~# โ€‹Feb 13, 2024

"๐Ÿšจ #RoundCubeUnderSiege - CISA Alerts on Roundcube as a frequent attack vector. ๐Ÿšจ"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a vulnerability in the RoundCube webmail software. Attackers are leveraging this flaw to execute arbitrary code on vulnerable servers. This Medium vulnerability, identified as CVE-2023-43770 (CVSS score: 6.1), allows attackers XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior on Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 .๐Ÿ”๐Ÿ’ป

Tags: #CyberSecurity #CISA #RoundCube #EmailSecurity #VulnerabilityManagement #PatchManagement #ThreatIntelligence #InfoSec

Source: Cisa.gov