CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know

On Sept. 6, 2019, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated remote code execution (RCE) weakness in its popular internet email server software. Exim is one of the most popular mail transfer agents (MTAs) running on the open internet today.


Attackers who successfully exploit this flaw will gain full “root” access to their target systems.


Organizations that run Exim—which would include major corporations, regional ISPs, state universities, and other large organizations—are strongly encouraged to patch their systems immediately, as the Exim team has a working, private proof-of-concept (PoC) exploit for this vulnerability. Currently, there are no known public exploits for CVE-2019-15846, but that could change at any time. Mitigation is possible without patching, but it requires disabling the ability to send encrypted mail, which is not recommended for privacy reasons.


Versions of Exim prior to 4.80 do not appear to be vulnerable to this particular RCE vulnerability, but they do have other remote code execution flaws and other serious issues, which makes it even more vital to move them to current, patched releases.


Organizations using cPanel to manage Exim can follow cPanel’s patch guidance to ensure they are running a version of Exim that is not vulnerable to CVE-2019-15846. cPanel is one of the most popular GUI administration wrappers for Exim and is used extensively in Exim deployments.

