Our intelligence team has uncovered reports detailing six zero-day vulnerabilities in the Exim mail transfer agent. Zero-day vulnerabilities are security weaknesses in a program or network that are publicly known before the vendor has released a patch or fix.
Among these vulnerabilities, CVE-2023-42115 is rated critical, with a CVSS score of 9.8 out of 10. It is an out-of-bounds write in Exim's SMTP AUTH handling that requires no authentication to trigger, and it was reported as affecting all current Exim releases. It could allow an attacker to achieve remote code execution (RCE) on Internet-exposed servers.
The flaw lies within the SMTP service, which listens on TCP port 25 by default. It results from a lack of proper validation of user-supplied data, which can cause a write past the end of a buffer.
Data from a Shodan search indicates that over 3.5 million Exim servers are reachable from the Internet, although not every exposed server is necessarily configured in a way that can be exploited. The other five vulnerabilities are listed below:
- CVE-2023-42116: Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVSS v3.0 8.1)
- CVE-2023-42117: Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability (CVSS v3.0 8.1)
- CVE-2023-42118: Exim libspf2 Integer Underflow Remote Code Execution Vulnerability (CVSS v3.0 7.5)
- CVE-2023-42119: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability (CVSS v3.0 3.1)
- CVE-2023-42114: Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability (CVSS v3.0 3.7)
What actions should your clients take?
Until a patch is released and applied, it is imperative that your clients restrict which hosts can reach their Exim SMTP listener (TCP port 25 by default) and monitor that service closely; since the critical flaw is reachable before authentication, network-level restriction is the most effective interim control. Employee training on identifying threats, along with security measures such as firewalls and antivirus software, remains important but does not address this flaw on its own.
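A practical first step is an inventory of which Internet-facing mail servers are actually running Exim and advertising SMTP AUTH, since the 9.8-rated flaw sits in the AUTH handling. The script below is an added example written for this article; it is not DynaRisk's tooling or part of Exim. It assumes Exim's default greeting format (`220 <host> ESMTP Exim <version> <date>`) and the standard `250-AUTH <mechanisms>` line in an EHLO reply; the hostnames, addresses and the two sample sessions are constructed for illustration.

```python
"""Banner/EHLO inventory check for Internet-exposed Exim SMTP listeners."""
import re
import socket
import sys

# Constructed sample sessions (greeting followed by an EHLO reply).
# The first mirrors Exim's default smtp_banner; the second is a non-Exim MTA
# included so the check demonstrably does not flag every SMTP server.
SAMPLE_EXIM_SESSION = (
    "220 mail.example.net ESMTP Exim 4.96 Thu, 28 Sep 2023 10:00:00 +0000\r\n"
    "250-mail.example.net Hello scanner.example [198.51.100.7]\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
SAMPLE_OTHER_MTA_SESSION = (
    "220 mx.example.org ESMTP Postfix\r\n"
    "250-mx.example.org\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)

# Greeting line carrying "Exim <version>"; EHLO line advertising AUTH mechanisms.
EXIM_BANNER_RE = re.compile(r"^220[ -].*\bExim\s+(\d+(?:\.\d+)*)", re.MULTILINE)
AUTH_LINE_RE = re.compile(r"^250[ -]AUTH\s+(.+?)\s*$", re.MULTILINE)


def analyse_session(text):
    """Summarise what the greeting and EHLO reply reveal about a listener."""
    match = EXIM_BANNER_RE.search(text)
    version = match.group(1) if match else None
    mechanisms = []
    for line in AUTH_LINE_RE.finditer(text):
        mechanisms.extend(line.group(1).split())
    return {
        "is_exim": version is not None,
        "exim_version": version,
        "auth_mechanisms": mechanisms,
        # An Exim listener that advertises AUTH to untrusted hosts is the one to
        # prioritise: it exposes the code path the critical write lives in.
        "flag": version is not None and bool(mechanisms),
    }


def _read_reply(stream):
    """Read one SMTP reply: continuation lines end with '250-', the last with '250 '."""
    lines = []
    while True:
        line = stream.readline().decode("utf-8", "replace")
        if not line:
            break
        lines.append(line)
        if len(line) >= 4 and line[3] == " ":
            break
    return "".join(lines)


def fetch_session(host, port=25, timeout=10, helo_name="scanner.example"):
    """Connect to an SMTP listener, collect greeting and EHLO reply, then QUIT."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        greeting = _read_reply(stream)
        sock.sendall(f"EHLO {helo_name}\r\n".encode())
        ehlo_reply = _read_reply(stream)
        sock.sendall(b"QUIT\r\n")
        return greeting + ehlo_reply


if __name__ == "__main__":
    # Usage: python exim_check.py <host> [port]; with no host, the sample is used.
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
        session = fetch_session(sys.argv[1], port)
    else:
        session = SAMPLE_EXIM_SESSION
    print(analyse_session(session))
```

Run it only against hosts you are authorised to test. A flagged result means the server identifies itself as Exim and offers AUTH to the connecting address; it does not by itself prove the host is exploitable, but it is the set of servers to patch first or to shield from untrusted networks in the meantime.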
As with all cyber threats, early detection is the best way to stay protected. Stay ahead with our cyber risk monitoring software, Breach Check, which enables you to scan any global business for cyber threats, including exposed vulnerabilities and hacker chatter.
If you'd like our team to conduct a check to determine whether your clients or prospects are exposed due to this vulnerability, please contact us at sales@dynarisk.com.