Vulnerability in Watchguard Xcs

CVE-2011-2165

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed a…

EPSS: 0.066 (91.4th percentile) — read the EPSS interpretation.

Affected products

Watchguard Xcs — versions 9.0, 9.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

watchguardxcs-starttls-command-execution(67729) (vdb-entry, x_refsource_XF)
44753 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, US Government Resource)
cve@mitre.org (x_refsource_CONFIRM)
VU#555316 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)