Vulnerability identifier: #VU18686

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2019-10149

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 8

• July 29, 2021
  • CVE-2019-10149-Exploit (Exploit for CVE-2019-10149) [Github]
• June 17, 2021
  • Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit) [Exploit-DB]
  • Exim 4.87 - 4.91 - Local Privilege Escalation [Exploit-DB]
  • Exim 4.87 < 4.91 - (Local / Remote) Command Execution [Exploit-DB]
• March 18, 2020
  • StickyExim (Exim Honey Pot for CVE-2019-10149 exploit attempts.) [Github]
  • exploits (Some personal exploits/pocs) [Github]
  • Exim 4.87 - 4.91 Local Privilege Escalation [Metasploit]
  • CVE-2019-10149 (CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.) [Github]

Impact: Code execution

Vulnerable software:
Exim
Server applications / Mail servers

Vendor: Exim