CERT mailing list archives
NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 28 May 2020 20:22:09 +0000
National Cyber Awareness System: NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2020/05/28/nsa-releases-advisory-sandworm-actors-exploiting-exim ]
05/28/2020 03:12 PM EDT

Original release date: May 28, 2020

The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability (CVE-2019-10149) in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.

Although Exim released a security update [ https://www.exim.org/static/doc/security/CVE-2019-10149.txt ] for the MTA vulnerability in June 2019, Sandworm cyber actors have been exploiting this vulnerability in unpatched Exim servers since at least August 2019 according to NSA's advisory, which provides indicators of compromise and mitigations to detect and block exploit attempts.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to upgrade to the latest version of Exim and review NSA's Advisory: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors [ https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf ] and Exim's page on CVE-2019-10149 [ https://www.exim.org/static/doc/security/CVE-2019-10149.txt ] for more information.

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy.