SERVER-MAIL -- Snort has detected traffic exploiting vulnerabilities in mail servers (such as Exchange, Courrier). These are different from protocol traffic, as this deals with the traffic going to the mail server itself.
SERVER-MAIL Exim remote command execution attempt
This event is generated when an Exim remote command execution attempt is detected. An attacker can send an email to a fake recipient address with run{} in it and execute commands as root Impact: Attempted Administrator Privilege Gain Details: Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2019-10149 |
Loading description
|