CVE-2024-28589 is a security vulnerability identified in Axigen Mail Server for Windows, specifically versions 10.5.18 and earlier. The issue stems from insecure DLL loading during the initialization of the Axigen service. The service loads DLLs from a directory that is world-writable, meaning any local user with low privileges can place a malicious DLL in this directory. When the service starts, it loads the attacker's DLL, resulting in arbitrary code execution within the context of the service, which typically runs with elevated privileges. This leads to privilege escalation, allowing the attacker to gain higher-level access than originally permitted. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), highlighting the improper permissions on the directory used for DLL loading. The CVSS v3.1 base score is 6.7, reflecting a medium severity with high impact on confidentiality, integrity, and availability, but requiring local access with some privileges and no user interaction. No patches or exploits are currently publicly available, but the risk remains significant due to the potential for privilege escalation on critical mail infrastructure.

The vulnerability allows local attackers to execute arbitrary code with elevated privileges on affected Axigen Mail Server installations. This can lead to full compromise of the mail server, including unauthorized access to sensitive email data, disruption of mail services, and potential lateral movement within the network. The integrity of email communications can be compromised, and attackers could use the server as a foothold for further attacks. Organizations relying on Axigen Mail Server for critical communications face risks of data breaches, service outages, and reputational damage. Since exploitation requires local access, insider threats or attackers who have already gained limited access pose the greatest risk. The lack of known exploits in the wild reduces immediate threat but does not eliminate the risk of future exploitation.

To mitigate this vulnerability, organizations should immediately review and restrict permissions on directories used by the Axigen Mail Server for DLL loading, ensuring they are not world-writable. Applying the latest patches or updates from Axigen once available is critical. Until patches are released, consider running the Axigen service with the least privileges necessary and monitor for suspicious DLL files in the service directories. Implement strict access controls and auditing on servers running Axigen to detect unauthorized file modifications. Employ host-based intrusion detection systems (HIDS) to alert on unusual DLL loads or privilege escalations. Additionally, limit local user accounts and enforce strong endpoint security policies to reduce the risk of local exploitation. Regularly back up mail server data to enable recovery in case of compromise.