On Monday 18th May 2020, cPanel’s security team released a patch to mitigate a number of different vulnerabilities, with assigned security levels (CVSSv3 scores) ranging from 3.0 (low severity) to 9.9 (critical). Further information was released on 19th May detailing a concerning Exim RCE (remote code execution) vulnerability. cPanel refers to the Exim RCE vulnerability, which was assigned a CVSSv3 score of 9.9, as SEC-485. It is caused by the default cPanel/WHM Exim configuration, which cPanel has said does “not adequately protect against path traversal attacks”. RCE allows remote attackers to execute code on the server of other accounts. Let’s break…