Security researchers at Qualys Common discovered a remote command execution vulnerability in older versions of mail transfer agent (MTA) Exim — a critical, open source piece of the email infrastructure in many organizations.
An MTA functions much like a router dedicated to email. Researchers have found more than 4.1 million systems are potentially vulnerable to the flaw.
Exim's maintainers acknowledged the vulnerability (CVE-2019-10149) on June 3. Present in Exim 4.87 through 4.91, the vulnerability could allow an attacker to execute commands as root, with no privilege escalation required.
According to researchers at Tenable, no exploits have been seen in the wild, though they expect at least proof-of-concept exploits to appear in the near future. In the meantime, the vulnerability has been patched, though a Shodan scan executed by Tenable researchers on June 6 showed just 475,591 running updated and patched versions of Exim.