Exim Vulnerable to Zero-Day Remote Code Execution Attacks

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

Six zero-day vulnerabilities have been discovered in the Exim Internet Mailer, potentially putting thousands of email servers worldwide at risk. These vulnerabilities, if successfully exploited, could result in information disclosure and remote code execution, posing significant security threats to affected systems. Among these vulnerabilities, CVE-2023-42115 stands out as the most severe, as it allows remote, unauthenticated attackers to execute arbitrary code on Exim installations.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.