CVE-2019-7214

CRITICAL

SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution

Title source: metasploit

Description

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

Exploits (6)

nomisec WORKING POC 3 stars
by Drew-Alleman · poc
https://github.com/Drew-Alleman/CVE-2019-7214
nomisec WORKING POC 1 star
by devzspy · poc
https://github.com/devzspy/CVE-2019-7214
nomisec WORKING POC 1 star
by andyfeili · poc
https://github.com/andyfeili/-CVE-2019-7214
nomisec WORKING POC
by ElusiveHacker · poc
https://github.com/ElusiveHacker/CVE-2019-7214
metasploit WORKING POC EXCELLENT
by Soroush Dalili, 1F98D, Ismail E. Dawoodjee · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/smartermail_rce.rb
exploitdb WORKING POC
by 1F98D · python · remote · windows
https://www.exploit-db.com/exploits/49216

Scores

CVSS v3 9.8
EPSS 0.8293
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

smartertools/smartermail < 16.3.6985

Timeline

Published Apr 24, 2019
Tracked Since Feb 18, 2026