: Even if external perimeter firewalls completely isolate port 17001 from public viewing, the endpoint remains bound locally ( 127.0.0.1:17001 ). Any user with basic webmail or low-privileged shell access can interact with it internally to achieve local privilege escalation to administrator status. Remediation and Defense Strategies
Summary
: The exploit/windows/http/smartermail_rce module targets these endpoints to achieve a shell . smartermail 6919 exploit
SmarterTools released to address this. The fix involved: : Even if external perimeter firewalls completely isolate