Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21710

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 11; Microsoft Exchange Server 2019 Cumulative Update 12
Vendor: CVE Published:; 14 February 2023

Summary

A vulnerability exists in Microsoft Exchange Server that allows an attacker to execute arbitrary code on the server remotely. By exploiting this vulnerability, an unauthorized user could take control of the system, potentially leading to data breaches, unauthorized access, and other malicious activities. It is critical for organizations using affected versions of Microsoft Exchange Server to apply the necessary patches and updates to mitigate this security risk.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.021

Microsoft Exchange Server 2019 Cumulative Update 11 x64-based Systems 15.02.0 < 15.02.0986.041

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 13, 2022