CVE-2021-31206

6 documents6 sources

Severity

8.0HIGH

EPSS

6.6%

top 8.83%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Microsoft Exchange Server 2016 Cumulative Update 20 Microsoft Microsoft Exchange Server 2016 Cumulative Update 21 +3 more

Timeline

PublishedJul 14

Latest updateMay 24

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages6 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_915.02.0 — 15.02.0858.015

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — 15.00.1497.023

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2015.01.0 — 15.01.2242.012

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2115.01.0 — 15.01.2308.014

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_1015.02.0 — 15.02.0922.013

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-636v-jm8j-6hx7: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-34473↗2022-05-24

▶

CVEList

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-07-14

▶

VulnCheck

Microsoft Exchange Server Remote Code Execution↗2021

▶

💥Exploits & PoCs

Nuclei

Exchange Server - Remote Code Execution

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-07-13

▶