CVE-2023-23566
published 2023-01-13CVE-2023-23566: A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to…
PriorityP351critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.95%
56.7th percentile
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axigen | axigen_mail_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/umz-cert/vulnerabilities/issues/1https://github.com/umz-cert/vulnerabilitys/blob/patch-1/Axigen%20Mail%20Server%2010.3.3.52%202-Step%20verificationhttps://www.axigen.com/documentation/2-step-verification-two-factor-authentication-for-webmail-p69140479https://www.axigen.com/mail-server/download/https://github.com/umz-cert/vulnerabilities/issues/1https://github.com/umz-cert/vulnerabilitys/blob/patch-1/Axigen%20Mail%20Server%2010.3.3.52%202-Step%20verificationhttps://www.axigen.com/documentation/2-step-verification-two-factor-authentication-for-webmail-p69140479https://www.axigen.com/mail-server/download/
2023-01-13
Published