Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31196

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 9; Microsoft Exchange Server 2016 Cumulative Update 20; Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2016 Cumulative Update 21
Vendor: CVE Published:; 14 July 2021

Badges

👾 Exploit Exists🦅 CISA Reported

Summary

Microsoft Exchange Server Remote Code Execution Vulnerability

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Microsoft Exchange Server 2013 Cumulative Update 23 x64-based Systems 15.00.0 < 15.00.1497.023

Microsoft Exchange Server 2016 Cumulative Update 20 x64-based Systems 15.01.0 < 15.01.2242.012

Microsoft Exchange Server 2016 Cumulative Update 21 x64-based Systems 15.01.0 < 15.01.2308.014

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 21, 2024
🦅
CISA Reported
Aug 21, 2024
Vulnerability published
Jul 14, 2021
Vulnerability Reserved
Apr 14, 2021

Collectors

NVD DatabaseMitre DatabaseCISA Database