Attacker Value
Very High
(2 users assessed)
Exploitability
Very High
(2 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
3

Exim Unauthenticated Remote Code Execution via SNI Trailing Backslash

Disclosure Date: September 06, 2019 Last updated March 03, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. If the Exim server accepts TLS connections, the vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake.

Add Assessment

5
Ratings
  • Attacker Value
    Very High
Technical Analysis

Exim is run on approximately 57% of the publicly reachable mail servers on the Internet, based on an August 2019 study performed by E-Soft, Inc. 1

3
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

Due to public exploits being available : https://github.com/synacktiv/Exim-CVE-2019-15846, and the fact that Exim is installed on a large number of mail servers, the value to an attacker lies in the fact that this requires no authentication.

There is a deeper explanation of the vulnerability here: https://www.synacktiv.com/posts/exploit/scraps-of-notes-on-exploiting-exim-vulnerabilities.html

General Information

Additional Info

Technical Analysis