Multiple Vulnerabilities in Exim Mail Server

Summary

Security advisory discloses six zero-day vulnerabilities, including a critical-severity vulnerability that could allow remote code execution.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Six zero-day vulnerabilities have been disclosed in Exim Mail Server, including four that could allow remote code execution. One of these vulnerabilities is tracked as CVE-2023-42115 and rated critical, with a CVSSv3 score of 9.8. It could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.


Remediation advice

Affected organisations are encouraged to review Exim's security bulletin and apply the relevant updates.



Last edited: 2 October 2023 3:14 pm