SmarterMail
SmarterMail is a Windows-based mail server platform developed by SmarterTools, designed to provide organizations with an alternative to Microsoft Exchange. It offers email, calendaring, contact management, and collaboration features accessible through webmail, desktop clients, and mobile devices via standard protocols such as IMAP, POP3, SMTP, CalDAV, and CardDAV. Administrative management is handled through a browser-based interface, allowing configuration of domains, user accounts, security settings, and integration with external services.
From an infrastructure perspective, SmarterMail is frequently deployed in small to mid-sized enterprise environments and by hosting providers that require multi-tenant capabilities. It supports both on-premises and hosted deployments, with built-in anti-spam and anti-virus filtering, SSL/TLS encryption for mail transport, and authentication options ranging from basic credentials to modern identity integrations.
Unauthenticated RCE
SmarterTools SmarterMail versions 16.x prior to build 6985 (CVE-2019-7214) are affected by an unauthenticated RCE vulnerability. The flaw arises from the insecure deserialization of untrusted data, which allows arbitrary code execution in the context of the SmarterMail service.
The vulnerability is triggered when an attacker can send a crafted payload to TCP port 17001, a service port used internally by SmarterMail. In vulnerable versions, if this port is exposed to untrusted networks, such as the public internet, it can be leveraged to execute commands on the underlying Windows host. By default, this port was not intended to be internet-facing, but misconfigurations or inadequate firewall rules could leave it accessible.
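Because the page's own mitigation advice is that TCP/17001 should never be reachable from untrusted networks, the following PowerShell snippet audits a SmarterMail host for that exposure and scopes the port to trusted sources. It is an added example, not SmarterTools code; it assumes a Windows Server host with the built-in NetSecurity module, and the trusted address ranges are constructed placeholders to replace with your own management network.

```powershell
# Added audit/hardening example (not SmarterTools code). Assumes Windows Server
# with the NetSecurity module; $TrustedRanges is a constructed placeholder.
$Port = 17001
$TrustedRanges = @('127.0.0.1', '10.0.0.0/8')   # placeholder: your management network

# 1. Audit: is anything listening on 17001, and on which local address?
#    0.0.0.0 / :: means it binds every interface, so the firewall alone decides exposure.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 2. Audit: which enabled inbound rules currently open this port, and from where?
$Rules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
$Rules | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    '{0,-45} RemoteAddress={1}' -f $_.DisplayName, ($addr -join ',')
}

# 3. Confirm the profile default for unmatched inbound traffic is Block; an
#    "Any"-scoped allow rule on 17001 is what turns the port internet-facing.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 4. Harden: restrict every existing allow rule for the port to trusted sources,
#    and add an explicitly scoped rule so the service still works internally.
#    Windows Firewall gives Block rules precedence over Allow rules, so scoping
#    the allow rules (rather than adding a blanket Block) is the safe pattern.
$Rules | Set-NetFirewallRule -RemoteAddress $TrustedRanges
New-NetFirewallRule -DisplayName 'SmarterMail TCP/17001 - trusted sources only' `
    -Direction Inbound -Protocol TCP -LocalPort $Port `
    -RemoteAddress $TrustedRanges -Action Allow -Profile Any
```

Run the audit steps before the hardening step and review the printed rules; anything reporting `RemoteAddress=Any` on port 17001 is the misconfiguration the page describes. Restricting the port is a compensating control only: the page states the fix is build 6985 or later, so the installed build should still be checked in the administrative interface.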
A Python-based PoC as well as an MSF module exist for exploiting this vulnerability.