CVE-2019-10149

Confirmed PUBLISHED

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in...

exim · exim
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.0 Critical

At a Glance

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

metasploit cisa
CVE Published
Jun 05, 2019
Exploitation Reported
Jan 10, 2022
CVSS
9.0 Critical
EPSS
Remote No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
exim
exim

4.92

Affected

CVE References

  • USN-4010-1 usn.ubuntu.com · Vendor Advisory https://usn.ubuntu.com/4010-1/
  • DSA-4456 debian.org · Vendor Advisory https://www.debian.org/security/2019/dsa-4456
  • GLSA-201906-01 security.gentoo.org · Vendor Advisory https://security.gentoo.org/glsa/201906-01
  • openSUSE-SU-2019:1524 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020...
  • 108679 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/108679
Show 15 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.