HomePentest-Tools.com Logo

Exim - Remote Code Execution (CVE-2019-10149)

Severity
CVSSv3 Score
9.8
Exploitable with Sniper
Yes
Vulnerability description

Exim server is affected by a Remote Code Execution vulnerability. The root cause of this vulnerability consists in a lack of validation of recipient address in deliver_message() function. Therefore, an unauthenticated remote attacker could send an email to ${run{command in hex format}}@localhost and trigger the vulnerability.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade Exim mail server to a version equal or higher of 4.92.

Detectable with
Network Scanner
Vuln date
Jul 2019
Published at
Updated at
Software Type
Mail Transfer Agent
Vendor
Exim
Product
Exim
Codename
Not available