A recent study by the Qualys Research Team revealed 21 unique vulnerabilities in the Exim mail server, which can have serious consequences for many organisations.
Indeed, it was reported that these vulnerabilities affect a large number of companies, as 60% of the internet runs on Exim. Exim servers hosted in the cloud can therefore be exploited, enabling cyberattackers to obtain full remote unauthenticated code execution and gain root privileges.
Depending on where the server is located, there is a possibility of data exfiltration and IAM privilege escalation. The researchers also stated that cyberattackers can exploit up to 10 of the vulnerabilities remotely. The other 11 can be exploited locally, in the default configuration or in a very common configuration.
Mail transfer agents have recently become a popular target for hackers because they are easily accessible on the internet. Once one is exploited, cybercriminals can modify sensitive email settings on the mail server and create new accounts on the target mail servers.
Hence, the study urges organisations to adopt a multi-layered defense strategy in order to keep applications in the public cloud from falling into the wrong hands.