The host is installed with Ipswitch Imail server and is prone to command injection vulnerability. A flaw is present in the STARTTLS implementation, which fails to properly upgrade a connection from plaintext to TLS. Successful exploitation could allow remote attackers to inject SMTP commands during the plaintext phase and run them during the TLS phase via man-in-the-middle attacks.