⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2021-11-17.
CVE-2021-31207
Severity
6.6MEDIUM
EPSS
93.8%
top 0.14%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2021-11-17
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMay 11
KEV addedNov 3
KEV dueNov 17
Latest updateJul 30
CISA Required Action: Apply updates per vendor instructions.
Description
Microsoft Exchange Server Security Feature Bypass Vulnerability
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9
Affected Packages6 packages
Patches
🔴Vulnerability Details
3💥Exploits & PoCs
1🔍Detection Rules
5Suricata
▶
Suricata
▶