CVE-2020-12618
First published: Thu Aug 20 2020(Updated: )
eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emclient Em Client | <7.2.33412.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-12618?
The severity of CVE-2020-12618 is medium with a CVSS score of 4.8.
How does CVE-2020-12618 impact eM Client?
CVE-2020-12618 impacts eM Client versions up to and including 7.2.33412.0.
What is the vulnerability description of CVE-2020-12618?
CVE-2020-12618 is a vulnerability in eM Client that allows a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated.
How can a man-in-the-middle attacker exploit CVE-2020-12618?
A man-in-the-middle attacker can exploit CVE-2020-12618 by obtaining an email-validated S/MIME certificate from a trusted CA and replacing the public key of the entity to be impersonated.
How can I fix CVE-2020-12618?
To fix CVE-2020-12618, users should update to eM Client version 7.2.33412.0 or newer.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/emclient
- canonical/emclient em client