Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38182

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 13; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 12
Vendor: CVE Published:; 8 August 2023

Summary

This vulnerability in Microsoft Exchange Server allows an attacker to execute arbitrary code on the affected server. By exploiting this flaw, unauthorized users could gain elevated access and control over system resources. Organizations using Microsoft Exchange Server 2016 and 2019 need to apply the necessary patches to mitigate the risks posed by this vulnerability and protect their infrastructure.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.032

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.037

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 12, 2023