Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Zero-Day Vulnerability Affecting Exim Mail Transfer Agent
Alerts

Critical Zero-Day Vulnerability Affecting Exim Mail Transfer Agent

2 October 2023

Security researchers have discovered a critical vulnerability (CVE-2023-42115) affecting Exim Mail Transfer Agent (MTA), due to an Out-of-bounds Write weakness found in the SMTP service. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the input validation vulnerability could allow a remote and unauthenticated attacker to perform remote code execution (RCE) on vulnerable servers.

The vulnerability affects all versions of Exim MTA.

Users and administrators of the affected product versions are advised to upgrade to the latest product version immediately.

More information is available here:

https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/

Back to top