by Excellium SA

Abstract Advisory Information

The service used to test the mail server configuration has an authorization issue that allows a user with the “Guest” role (read-only access) to use and abuse it. One such abuse is network and port scanning of the localhost or of hosts on the same network segment.
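One way to look for abuse of this issue in audit logs, as an added example that is not part of the original advisory or the vendor's code. The JSON-lines log format, the `mail_server_test` action name and the sweep threshold are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed audit records in a hypothetical JSON-lines format.
SAMPLE_LOG = """\
{"ts":"2019-10-21T09:00:01Z","user":"alice","role":"Administrator","action":"mail_server_test","host":"smtp.example.internal","port":25}
{"ts":"2019-10-21T09:05:10Z","user":"bob","role":"Guest","action":"view_report"}
{"ts":"2019-10-21T09:05:12Z","user":"bob","role":"Guest","action":"mail_server_test","host":"127.0.0.1","port":22}
{"ts":"2019-10-21T09:05:13Z","user":"bob","role":"Guest","action":"mail_server_test","host":"127.0.0.1","port":3306}
{"ts":"2019-10-21T09:05:14Z","user":"bob","role":"Guest","action":"mail_server_test","host":"10.0.0.5","port":445}
{"ts":"2019-10-21T09:05:15Z","user":"bob","role":"Guest","action":"mail_server_test","host":"10.0.0.5","port":3389}
truncated-line-without-json
"""

READ_ONLY_ROLES = {"Guest"}        # role named in the advisory
TEST_ACTION = "mail_server_test"   # hypothetical action name (assumption)
SWEEP_THRESHOLD = 3                # assumed: distinct host:port targets per user


def analyze(log_text, threshold=SWEEP_THRESHOLD):
    """Return (violations, sweeps).

    violations: mail-test calls made by a read-only role, which should never
                succeed once the authorization check is in place.
    sweeps:     users whose mail-test calls hit `threshold` or more distinct
                host:port pairs, the pattern a port scan leaves behind.
    """
    violations = []
    targets = defaultdict(set)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            if rec["action"] != TEST_ACTION:
                continue
            user = rec["user"]
            target = (str(rec["host"]), int(rec["port"]))
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete record: skip it
        targets[user].add(target)
        if rec.get("role") in READ_ONLY_ROLES:
            violations.append((rec.get("ts"), user) + target)
    sweeps = {u: sorted(t) for u, t in targets.items() if len(t) >= threshold}
    return violations, sweeps


if __name__ == "__main__":
    found, swept = analyze(SAMPLE_LOG)
    print(f"{len(found)} read-only mail-test calls; sweeps: {swept}")
```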

Authors: Dominique Righetto from Excellium-services company

Version affected

Name: Remote Access Plus
Versions: 10.0.447

Common Vulnerability Scoring System



Fixed in version 10.0.451


Vulnerability Disclosure Timeline

  • 21/10/2019: Vulnerability discovered
  • 25/10/2019: First contact with vendor
  • 29/10/2019: Vendor feedback, investigation running
  • 08/11/2019: Request for updates
  • 18/11/2019: Request for updates
  • 18/12/2019: Request for updates
  • 03/01/2020: Request for updates
  • 03/01/2020: Vulnerability is fixed and release in progress
  • 27/01/2020: Request for updates
  • 17/02/2020: Patch is available
  • 17/02/2020: CVE ID requested from MITRE
  • 17/02/2020: CVE ID assigned
  • 19/02/2020: Public disclosure