CVE-2020-28014

low-risk
Published 2021-05-06

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Exim

References (2)

Vendor Advisory https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.tx...
Vendor Advisory https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.tx...
26
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal