Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38185

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 13; Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2016 Cumulative Update 23
Vendor: CVE Published:; 8 August 2023

Summary

A Remote Code Execution vulnerability exists in Microsoft Exchange Server, allowing attackers to execute arbitrary code on the affected system. This vulnerability can be exploited when an attacker sends specially crafted requests to an affected Exchange server, potentially allowing them to gain unauthorized control over the server. It is crucial for organizations to apply the necessary security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.032

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.037

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 12, 2023