Published: 24/04/2019 Updated: 11/07/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

Vulnerable Product	Search on Vulmon	Subscribe to Product
smartertools smartermail

SmarterMail build version 6985 suffers from a remote code execution vulnerability ...

Collection of PoCs created for SmarterMail < Build 6985 RCE

CVE-2019-7214 Remote Code Execution in NET deserialization for the SmarterMail system Collection Please find a collection of proof of concepts for the exploit in this repository Some may work as intended without modification and some may require modification

CWE-502 https://www.smartertools.com/smartermail/release-notes/current https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html http://packetstormsecurity.com/files/173388/SmarterTools-SmarterMail-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/devzspy/CVE-2019-7214 https://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-7214

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect