Vulnerability Details : CVE-2019-7214
Public exploit exists!
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Exploit prediction scoring system (EPSS) score for CVE-2019-7214
- EPSS score: 79.70% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2019-7214
- SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
  Disclosure Date: 2019-04-17
  First seen: 2023-09-11
  exploit/windows/http/smartermail_rce
  This module exploits a vulnerability in the SmarterTools SmarterMail software for version numbers <= 16.x or for build numbers < 6985. The vulnerable versions and builds expose three .NET remoting endpoints on port 17001, namely /Servers, /Mail and /Spool. Fo
CVSS scores for CVE-2019-7214
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-7214
- The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-7214
- http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html
- https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/
  Technical Advisory: Multiple Vulnerabilities in SmarterMail (Third Party Advisory)
- https://www.smartertools.com/smartermail/release-notes/current
  SmarterMail Release Notes and Version History (Exploit; Release Notes; Vendor Advisory)
- http://packetstormsecurity.com/files/173388/SmarterTools-SmarterMail-Remote-Code-Execution.html
  SmarterTools SmarterMail Remote Code Execution ≈ Packet Storm
Products affected by CVE-2019-7214
- cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*