Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-35388

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 13; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 12
Vendor: CVE Published:; 8 August 2023

Summary

A reported vulnerability in Microsoft Exchange Server allows for remote code execution, posing significant risks if exploited. Attackers may gain unauthorized control, compromising sensitive data and systems. It’s essential for organizations using affected versions to implement patches and improve security measures to mitigate this threat. Regular updates and vigilant monitoring are crucial strategies to protect against vulnerabilities of this nature.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.032

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.037

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 14, 2023