Original release date: May 28, 2020
The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.
Although Exim released a security update for the MTA vulnerability in June 2019, Sandworm cyber actors have been exploiting this vulnerability in unpatched Exim servers since at least August 2019 according NSA’s advisory, which provides indicators of compromise and mitigations to detect and block exploit attempts.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to upgrade to the latest version of Exim and review NSA’s Advisory: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors and Exim’s page on CVE-2019-10149 for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025. These advisories provide…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide…
CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency,…
This website uses cookies.