CVE-2021-34470
Published 2021-07-14
CVE-2021-34470: Microsoft Exchange Server Elevation of Privilege Vulnerability
Priority: P2 · 77 · high · 8 (CVSS 3.1)
CVSS vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.26% (86.8th percentile)
Microsoft Exchange Server Elevation of Privilege Vulnerability
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | microsoft_exchange_server_2013_cumulative_update_23 | >= 15.00.0 < 15.00.1497.023 | 15.00.1497.023 |
| microsoft | microsoft_exchange_server_2016_cumulative_update_21 | >= 15.01.0 < 15.01.2308.008 | 15.01.2308.008 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_10 | >= 15.02.0 < 15.02.0922.007 | 15.02.0922.007 |
| msrc | microsoft_exchange_server_2013_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2016_cumulative_update_21 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_10 | — | — |
Detection & IOCs (extracted from sources)
- Attack vector is adjacent network (AV:A); exploitation requires attacker to be on the same physical network (e.g., IEEE 802.11/Bluetooth), local IP subnet, or within a secure/limited administrative domain (MPLS, VPN). Monitor for lateral movement or privilege escalation attempts originating from within the local network segment targeting Exchange Server.
- This vulnerability involved a schema change in Microsoft Exchange Server 2016 and 2019; monitor for unauthorized Active Directory schema modifications that could indicate exploitation or post-exploitation activity related to Exchange privilege escalation.
- Exploitation is rated 'Less Likely' for both latest and older software releases, and has not been publicly disclosed or observed in the wild as of the advisory date.
CVSS provenance
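| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.2 | MEDIUM | AV:A/AC:L/Au:S/C:P/I:P/A:P |
| vulncheck | | 8.0 | HIGH | |
| vendor_msrc | | 8.0 | HIGH | |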
GHSA
GHSA-gcrr-725q-f8jw: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-34523 [HIGH] CWE-269 GHSA-gcrr-725q-f8jw: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470
GHSA
GHSA-79w4-597w-fxxx: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34470, CVE-2021-34523
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-33768 [HIGH] CWE-269 GHSA-79w4-597w-fxxx: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34470, CVE-2021-34523
GHSA
GHSA-hxhm-28wc-v3qm: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34523
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-34470 [HIGH] CWE-269 GHSA-hxhm-28wc-v3qm: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34523
VulnCheck
Microsoft Exchange Server Privilege Escalation
vulncheck·2021·CVSS 8.0
CVE-2021-34470 [HIGH] Microsoft Exchange Server Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
Affected: Microsoft Exchange Server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://cisa.gov/news-events/cybersecurity-advisories/aa22-257a; https://www.hhs.gov/sites/default/files/iranian-threat-actors-and-healthcare.pdf
Exploit PoC: https://vulncheck.com/xdb/ef51c4fc3f61; https://vulncheck.com/xdb/50036bc0bd40
Microsoft
Microsoft Exchange Server Elevation of Privilege Vulnerability
vendor_msrc·2021-07-13·CVSS 8.0
CVE-2021-34470 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability
FAQ: Why are the links to the download center and KB articles for the CVE pointing to the June Cumulative Update for Exchange Server 2019 and Exchange Server 2016?
This vulnerability involved a schema change and therefore needed to be fixed in a cumulative update. For these versions, this vulnerability was addressed in the cumulative update released on June 29, 2021.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same s
No detection rules found.
No public exploits indexed.
Tenable
AA22-257A: Cybersecurity Agencies Issue Joint Advisory on Iranian Islamic Revolutionary Guard Corps-Affiliated Attacks
blogs_tenable·2022-09-15
Tenable
Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)
blogs_tenable·2021-07-13·CVSS 7.8
[HIGH] Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)
Crowdstrike
July 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis
- http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470