⚠ Actively exploited
Added to CISA KEV on 2022-01-18. Federal agencies required to patch by 2022-02-01. Required action: Apply updates per vendor instructions..

CVE-2021-33766

CWE-287Improper Authentication11 documents9 sources
Severity
7.5HIGH
EPSS
93.6%
top 0.16%
CISA KEV
KEV
Added 2022-01-18
Due 2022-02-01
Exploit
Exploited in wild
Active exploitation observed
Affected products
6
Microsoft Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Microsoft Exchange Server 2016 Cumulative Update 20+3 more
Timeline
PublishedJul 14
KEV addedJan 18
KEV dueFeb 1
Latest updateJun 28
CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Exchange Server Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages6 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-f9f4-96j3-5mvr: Microsoft Exchange Information Disclosure Vulnerability2022-05-24
CVEList
Microsoft Exchange Server Information Disclosure Vulnerability2021-07-14
VulnCheck
Microsoft Exchange Server Information Disclosure2021

💥Exploits & PoCs

1
Nuclei
Microsoft Exchange - Authentication Bypass

🔍Detection Rules

2
Suricata
ET EXPLOIT Microsoft Exchange - Information Disclosure flowbit set (CVE-2021-33766)2021-08-30
Suricata
ET EXPLOIT Microsoft Exchange - Successful msExchEcpCanary Disclosure (CVE-2021-33766)2021-08-30

📋Vendor Advisories

2
CISA
Microsoft Exchange Server Information Disclosure2022-01-18
Microsoft
Microsoft Exchange Server Information Disclosure Vulnerability2021-07-13

🕵️Threat Intelligence

2
Unit42
Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor2023-06-28
Unit42
Network Security Trends: August-October 20212021-12-21
CVE-2021-33766 (HIGH CVSS 7.5) | Microsoft Exchange Server Informati | cvebase.io