Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36756

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 13; Microsoft Exchange Server 2019 Cumulative Update 12
Vendor: CVE Published:; 12 September 2023

Summary

A remote code execution vulnerability in Microsoft Exchange Server allows an attacker to execute arbitrary code on the server. This occurs when the server processes maliciously crafted requests. Successful exploitation may lead to the attacker gaining control over the affected system, potentially compromising sensitive data and operational integrity. It is essential for organizations using Exchange Server to apply security patches and monitor for unusual activities to mitigate risks.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.032

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.037

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Jun 27, 2023