Vulnerability Details CVE-2020-12619
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.9%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
Products affected by CVE-2020-12619
- cpe:2.3:a:freron:mailmate:-
- cpe:2.3:a:freron:mailmate:1.0.1
- cpe:2.3:a:freron:mailmate:1.0.2
- cpe:2.3:a:freron:mailmate:1.1
- cpe:2.3:a:freron:mailmate:1.1.1
- cpe:2.3:a:freron:mailmate:1.1.2
- cpe:2.3:a:freron:mailmate:1.10
- cpe:2.3:a:freron:mailmate:1.2
- cpe:2.3:a:freron:mailmate:1.3
- cpe:2.3:a:freron:mailmate:1.3.1
- cpe:2.3:a:freron:mailmate:1.4
- cpe:2.3:a:freron:mailmate:1.4.1
- cpe:2.3:a:freron:mailmate:1.4.2
- cpe:2.3:a:freron:mailmate:1.4.3
- cpe:2.3:a:freron:mailmate:1.5
- cpe:2.3:a:freron:mailmate:1.5.1
- cpe:2.3:a:freron:mailmate:1.5.2
- cpe:2.3:a:freron:mailmate:1.5.3
- cpe:2.3:a:freron:mailmate:1.5.4
- cpe:2.3:a:freron:mailmate:1.6
- cpe:2.3:a:freron:mailmate:1.7
- cpe:2.3:a:freron:mailmate:1.7.1
- cpe:2.3:a:freron:mailmate:1.7.2
- cpe:2.3:a:freron:mailmate:1.8
- cpe:2.3:a:freron:mailmate:1.9
- cpe:2.3:a:freron:mailmate:1.9.1
- cpe:2.3:a:freron:mailmate:1.9.2
- cpe:2.3:a:freron:mailmate:1.9.3
- cpe:2.3:a:freron:mailmate:1.9.4
- cpe:2.3:a:freron:mailmate:1.9.5
- cpe:2.3:a:freron:mailmate:1.9.6
- cpe:2.3:a:freron:mailmate:1.9.7