CVE-2019-7214
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Productos afectados
n/a · n/aPoCs públicas encontradas — 7
githubgithub.com/Drew-Alleman/CVE-2019-7214★ 4githubgithub.com/devzspy/CVE-2019-7214★ 2githubgithub.com/andyfeili/-CVE-2019-7214★ 1githubgithub.com/ElusiveHacker/CVE-2019-7214★ 0cve_referencepacketstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/173388/SmarterTools-SmarterMail-Remote-Code-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49216no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/173388/SmarterTools-SmarterMail-Remote-Code-Execution.htmlhttps://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/https://www.smartertools.com/smartermail/release-notes/current