Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NMicrosoft Exchange Server
APPMicrosoft201320162019
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Exchange Server
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- November 17, 2021(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARE⏰CISA DEADLINE: 17 listopada 2021
References
Related vulnerabilities
CVE-2024-21410CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Microsoft Exchange Server — privilege escalation z pominięciem uwierzytelnienia
CVE-2021-34473CRITICAL9.1⚠ KEVten sam produkt
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26855CRITICAL9.1⚠ KEVten sam produkt
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21709CRITICAL9.8ten sam produkt
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-21846CRITICAL9.0ten sam produkt
Microsoft Exchange Server Remote Code Execution Vulnerability