Vulnerability Found in Millions of Email Systems
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
Security researchers at Qualys Common discovered a remote command execution vulnerability in older versions of mail transfer agent (MTA) Exim — a critical, open source piece of the email infrastructure in many organizations.
An MTA functions much like a router dedicated to email. Researchers have found more than 4.1 million systems are potentially vulnerable to the flaw.
Exim's maintainers acknowledged the vulnerability (CVE-2019-10149) on June 3. Present in Exim 4.87 through 4.91, the vulnerability could allow an attacker to execute commands as root, with no privilege escalation required.
According to researchers at Tenable, no exploits have been seen in the wild, though they expect at least proof-of-concept exploits to appear in the near future. In the meantime, the vulnerability has been patched, though a Shodan scan executed by Tenable researchers on June 6 showed just 475,591 running updated and patched versions of Exim.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024