Vulnerability(s): CVE-2019-10149: Exim mail transfer agent (MTA) allows Remote Code

We have been audited for your cyber security and the auditors have found this vulnerability with our website: Vulnerability(s): CVE-2019-10149: Exim mail transfer agent (MTA) allows Remote Code Execution for some non-default server configurations, Exim version prior to 4.92.2. We are asked to contact you to see if the vulnerability could be addressed.

What exim version are you running?

Fix Exim Critical Remote Command Execution Vulnerability CVE-2019-10149 | Tenable®.

According to our auditors, we are using an Exim version prior to 4.92.2

I’m not sure how this has anything to do with Cloudflare, since Cloudflare does not provide or maintain any Exim mailservers. I will briefly indulge the topic as a matter of courtesy.

You will benefit from consulting with your own qualified IT advisors that are independent of your auditor. Some Linux distributions patch security vulnerabilities using backports and do not increment the package version, so you need to know the exact version of your Exim instance, including the specific operating system it is running on.

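Added example, not part of the original reply: a version-only scan can flag a distribution package whose upstream version is older than 4.92.2 even though the fix was backported, so the package changelog is the thing to check. The sketch below parses a Debian-format changelog and prints the oldest entry that mentions the CVE. The sample changelog, its version strings and the function names are constructed for illustration, and the `exim4-base` path in the comment is an assumption about the local system.

```shell
#!/bin/sh
# fix_entry CVE
#   Reads a Debian-format changelog on stdin (newest entry first) and prints
#   "package (version)" for the OLDEST entry whose text mentions CVE.
#   Exit status is 1 when no entry mentions it.
fix_entry() {
    awk -v cve="$1" '
        BEGIN { re = "(^|[^0-9A-Za-z-])" cve "([^0-9]|$)" }  # whole-ID match only
        /^[a-z0-9][a-z0-9+.-]* \(/ { entry = $1 " " $2 }     # entry header line
        entry != "" && $0 ~ re     { hit = entry }           # keep the last (oldest) match
        END { if (hit != "") print hit; exit (hit == "") }
    '
}

# Constructed sample: the upstream version stays at 4.89 in every entry, yet the
# middle entry records a backported fix. Versions here are placeholders.
sample_changelog() {
    cat <<'EOF'
exim4 (4.89-2+example3) stable-security; urgency=high

  * Unrelated packaging fix.

 -- Constructed Maintainer <maint@example.org>  Wed, 01 Jan 2020 00:00:00 +0000

exim4 (4.89-2+example2) stable-security; urgency=high

  * Backport upstream fix for CVE-2019-10149.

 -- Constructed Maintainer <maint@example.org>  Tue, 31 Dec 2019 00:00:00 +0000

exim4 (4.89-2+example1) stable; urgency=medium

  * Initial upload.

 -- Constructed Maintainer <maint@example.org>  Mon, 30 Dec 2019 00:00:00 +0000
EOF
}

# Demo on the constructed sample.
sample_changelog | fix_entry CVE-2019-10149

# On a real Debian/Ubuntu host (path assumed; adjust to the installed package):
#   gzip -dc /usr/share/doc/exim4-base/changelog.Debian.gz | fix_entry CVE-2019-10149
# RPM changelogs use a different layout; there a plain search is enough:
#   rpm -q --changelog exim | grep CVE-2019-10149
```

If the installed package's own changelog lists the CVE, the fix is already in that build regardless of the upstream version number a scanner reads.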

Thank you for your response. Our IT advisors told us to contact Cloudflare to see if you are managing this mail server. We will continue our research to understand the issue and find the solution as we don’t use any Exim mailservers on our networks…
