Attacker Value
High
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Exim SMTP server RCE via base64d

Disclosure Date: February 08, 2018 Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Exim SMTP email server (versions before 4.90) are vulnerable to remote code execution via a vulnerability in Base64 decoding.

Add Assessment

1
Ratings
  • Attacker Value
    High
Technical Analysis

There are a few PoCs for this one. Exim is a bear to setup and I wouldn’t be shocked to find unpatched servers because sysadmins don’t want to touch them. Since they’d be Internet-accessible, there’s a lot of attacker utility here for the small population that uses Exim.

General Information

Additional Info

Technical Analysis