Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36744

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 13
Vendor: CVE Published:; 12 September 2023

Summary

This vulnerability in Microsoft Exchange Server allows an attacker to remotely execute arbitrary code on the server. By exploiting this flaw, an attacker can gain control over the server, potentially leading to data breaches and system compromise. It is crucial for organizations using affected versions to assess their security posture and apply necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.032

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.037

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Jun 26, 2023