⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.
CVE-2021-27065
Severity
7.8HIGH
EPSS
94.3%
top 0.06%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 3
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages26 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-rwm8-8c4x-v87q: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-2685↗2022-05-24
💥Exploits & PoCs
3🔍Detection Rules
1Suricata▶
ET EXPLOIT Possible Microsoft Exchange ProxyLogon Activity - OABVirtualDirectory SetObject (CVE-2021-27065)↗2021-08-20