Remote Code Execution Vulnerability Affects Microsoft Exchange Server
CVE-2023-21529

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2019 Cumulative Update 11; Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2016 Cumulative Update 23
Vendor: CVE Published:; 14 February 2023

Badges

👾 Exploit Exists

Summary

A vulnerability has been identified in Microsoft Exchange Server that allows for remote code execution. This security flaw could enable an attacker to execute arbitrary code on affected systems, potentially compromising data integrity and confidentiality. Organizations using Microsoft Exchange Server 2016 and 2019 are strongly encouraged to apply the latest security updates to mitigate this risk. Detailed information about the vulnerability and available patches can be found in the Microsoft advisory.

Affected Version(s)

Microsoft Exchange Server 2013 Cumulative Update 23 x64-based Systems 15.00.0 < 15.00.1497.047

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.021

Microsoft Exchange Server 2019 Cumulative Update 11 x64-based Systems 15.02.0 < 15.02.0986.041

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 9, 2024
👾
Exploit known to exist
Mar 9, 2024
Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 1, 2022