As of June 2019, Exim servers running versions 4.87 to 4.91 were exploitable through this remote command execution vulnerability. On 23 August 2019 a Metasploit module was released that packages the exploitation of Exim servers vulnerable to CVE-2019-10149, making it achievable with relative ease. Successful compromise of one of these servers can lead to execution of commands as root.
Exim servers that accept TLS connections are at risk. CVE-2019-15846 allows an attacker to send a malicious Server Name Indication (SNI) during TLS negotiation. This causes a buffer overflow that allows malicious code to be injected, and that code is then executed as root.
Exim servers running versions 4.92 to 4.92.2 are exploitable through this heap-based overflow vulnerability, which can allow actors either to crash servers or to execute code on them remotely.
Given the number of Exim devices in the UK that have not yet been updated to version 4.92.3, it is likely that many organisations are not proactively applying the latest patches that keep their infrastructure protected from attack.
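The practical check that follows from the above is whether an Exim instance reports a version below 4.92.3, and if so which of the version ranges given here it falls into. The script below is an added example written for this page, not tooling from the Exim project or from the advisory's author. It assumes the default Exim SMTP greeting layout ("220 host ESMTP Exim <version> <date>"), uses the two inclusive version ranges stated above (4.87 to 4.91 for CVE-2019-10149, and 4.92 to 4.92.2 for the heap-based overflow, which this page does not name by CVE), and treats 4.92.3 as the patched baseline as the text does. The sample banners are constructed, and the version comparison is numeric per component so that, for example, 4.92.10 is correctly treated as newer than 4.92.3, which a plain string comparison would get wrong.

```python
"""Check Exim version strings against the version ranges given in the advisory above.

Added example for this page; it is not Exim project code. Version ranges and the
4.92.3 baseline are taken from the advisory text; the banner format assumed is
Exim's default "220 host ESMTP Exim <version> <date>" greeting.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Patched baseline stated in the advisory: anything older should be updated.
FIXED_VERSION: Version = (4, 92, 3)

# Inclusive affected ranges the advisory attributes to specific issues.
# (label, lowest affected version, highest affected version)
AFFECTED_RANGES: List[Tuple[str, Version, Version]] = [
    ("CVE-2019-10149 remote command execution", (4, 87), (4, 91)),
    ("heap-based overflow (versions 4.92 to 4.92.2)", (4, 92), (4, 92, 2)),
]

# Matches "Exim 4.92.2" inside a greeting banner or any free text.
_BANNER_RE = re.compile(r"\bExim\s+(\d+(?:\.\d+)*)")
# Matches a bare version string such as "4.92.2".
_BARE_RE = re.compile(r"\s*(\d+(?:\.\d+)*)\s*")


def parse_version(text: str) -> Optional[Version]:
    """Extract an Exim version as a tuple of ints from a banner or bare string.

    Returns None when no version can be found.
    """
    m = _BANNER_RE.search(text) or _BARE_RE.fullmatch(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(v: Version, width: int = 3) -> Version:
    """Right-pad a version with zeros so 4.92 and 4.92.0 compare as equal."""
    return tuple(v) + (0,) * (width - len(v))


def assess(text: str) -> Dict[str, object]:
    """Report which advisory ranges a version falls in and whether it is below 4.92.3.

    Result keys: "version" (dotted string or None), "issues" (list of labels),
    "needs_update" (True/False, or None if no version was found).
    """
    v = parse_version(text)
    if v is None:
        return {"version": None, "issues": [], "needs_update": None}
    pv = _pad(v)
    issues = [label for label, lo, hi in AFFECTED_RANGES if _pad(lo) <= pv <= _pad(hi)]
    return {
        "version": ".".join(str(p) for p in v),
        "issues": issues,
        "needs_update": pv < _pad(FIXED_VERSION),
    }


# Constructed sample greetings (hostnames and dates are made up for illustration).
SAMPLE_BANNERS = [
    "220 mail.example.test ESMTP Exim 4.87 Mon, 03 Jun 2019 09:00:00 +0000",
    "220 mx1.example.test ESMTP Exim 4.92.2 Tue, 01 Oct 2019 10:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.92.3 Tue, 01 Oct 2019 10:05:00 +0000",
    "220 mx3.example.test ESMTP Exim 4.92.10 Wed, 02 Oct 2019 08:00:00 +0000",
    "220 relay.example.test ESMTP Postfix",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        result = assess(banner)
        if result["version"] is None:
            print(f"{banner!r}: no Exim version found")
            continue
        status = "UPDATE REQUIRED" if result["needs_update"] else "at or above 4.92.3"
        print(f"Exim {result['version']}: {status}; matches {result['issues'] or 'no listed range'}")
```

Run the file directly to see the constructed banners assessed, or import `assess` and feed it banners collected from your own inventory. Note that the page gives no version range for the SNI issue (CVE-2019-15846), so the check only attributes the two ranges that are stated and otherwise relies on the 4.92.3 baseline.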