Smartermail 6919 Exploit

SmarterMail (versions and builds prior to 6985) exposed three .NET remoting endpoints on the network, specifically named /Servers and /Spool, on TCP port 17001. The application failed to validate data sent to these endpoints before deserializing it, processing it with high privileges. This allowed attackers to inject their own serialized .NET commands, which the server would execute.


Publicly available tools have lowered the barrier to entry dramatically.


A secondary check verifies that port 17001 is listening and open to the internet.


The SmarterMail application receives this request and, trusting the authenticated admin session, executes the string in the commandMount field as a system command on the underlying operating system.