cbcvebase.
CVE-2021-34470
published 2021-07-14

CVE-2021-34470: Microsoft Exchange Server Elevation of Privilege Vulnerability

Priority: P2 (77)
CVSS 3.1: 8 (high)
Vector: AV:A / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.26% (86.8th percentile)
Microsoft Exchange Server Elevation of Privilege Vulnerability

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | | |
| microsoft | exchange_server | | |
| microsoft | exchange_server | | |
| microsoft | microsoft_exchange_server_2013_cumulative_update_23 | >= 15.00.0 < 15.00.1497.023 | 15.00.1497.023 |
| microsoft | microsoft_exchange_server_2016_cumulative_update_21 | >= 15.01.0 < 15.01.2308.008 | 15.01.2308.008 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_10 | >= 15.02.0 < 15.02.0922.007 | 15.02.0922.007 |
| msrc | microsoft_exchange_server_2013_cumulative_update_23 | | |
| msrc | microsoft_exchange_server_2016_cumulative_update_21 | | |
| msrc | microsoft_exchange_server_2019_cumulative_update_10 | | |

Detection & IOCs (extracted from sources)

  • Attack vector is adjacent network (AV:A); exploitation requires attacker to be on the same physical network (e.g., IEEE 802.11/Bluetooth), local IP subnet, or within a secure/limited administrative domain (MPLS, VPN). Monitor for lateral movement or privilege escalation attempts originating from within the local network segment targeting Exchange Server.
  • This vulnerability involved a schema change in Microsoft Exchange Server 2016 and 2019; monitor for unauthorized Active Directory schema modifications that could indicate exploitation or post-exploitation activity related to Exchange privilege escalation.
  • Exploitation is rated 'Less Likely' for both latest and older software releases, and has not been publicly disclosed or observed in the wild as of the advisory date.

CVSS provenance

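| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.2 | MEDIUM | AV:A/AC:L/Au:S/C:P/I:P/A:P |
| vulncheck | | 8.0 | HIGH | |
| vendor_msrc | | 8.0 | HIGH | |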