CVE-2010-4345
| CVE Published | 2010-12-14 |
|---|---|
| Related Vendor(s) | canonical, exim, opensuse, debian |
| Related Product(s) | exim, ubuntu_linux, opensuse, debian_linux |
| Exploitation Reported (CISA KEV) | 2022-03-25 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph