CVE-2020-12641 on CISA KEV
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
CISA KEV — Actively Exploited
Roundcube Webmail Remote Code Execution Vulnerability
Vendor / Product
— / Roundcube / Roundcube Webmail
CVSS / EPSS
— — · EPSS 93.13%
01What CISA says about this vulnerability
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
02Required action — verbatim from CISA
Apply updates per vendor instructions.
03Notes & references
- github.com — https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
- github.com — https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
- roundcube.net — https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
- github.com — https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035…
- github.com — https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%…
- security.gentoo.org — https://security.gentoo.org/glsa/202007-41
- lists.opensuse.org — http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
04SARA's analyst layer — why this matters
This vulnerability is currently on the CISA KEV list, which CISA only adds CVEs to when there is reliable evidence of active exploitation in the wild. For federal civilian agencies, BOD 22-01 requires remediation by the due date above. For everyone else, KEV is the strongest "patch immediately" signal you can get from public threat intel.
05Affected products (summary)
| Vendor | Product | Versions |
|---|
| n | a / n/a | n/a |
06Detection
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection:
Open in Sigma generator →