Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-38181

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 13
Vendor: CVE Published:; 8 August 2023

Summary

This vulnerability in Microsoft Exchange Server allows for potential spoofing attacks, where an attacker could impersonate another user within the email system. By exploiting this weakness, unauthorized individuals may send malicious emails that appear to be from trusted sources, posing significant risks to organizational security. Organizations utilizing affected versions of Exchange Server are advised to apply the latest security updates to mitigate these risks effectively.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.032

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.037

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 12, 2023