⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2021-11-17.

CVE-2021-34523

CWE-269 — Improper Privilege Management CWE-287 — Improper Authentication12 documents10 sources

Severity

9.8CRITICAL

EPSS

94.0%

top 0.11%

CISA KEV

KEVRansomware

Added 2021-11-03

Due 2021-11-17

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Microsoft Exchange Server 2016 Cumulative Update 20 +3 more

Timeline

PublishedJul 14

KEV addedNov 3

KEV dueNov 17

Latest updateJul 30

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NExploitability: 2.5 | Impact: 5.8

Affected Packages6 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_815.02.0 — 15.02.0792.013

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_915.02.0 — 15.02.0858.010

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — 15.00.1497.015

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1915.01.0 — 15.01.2176.012

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2015.01.0 — 15.01.2242.008

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-gcrr-725q-f8jw: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470↗2022-05-24

▶

CVEList

Microsoft Exchange Server Elevation of Privilege Vulnerability↗2021-07-14

▶

VulnCheck

Microsoft Exchange Server Privilege Escalation Vulnerability↗2021

▶

💥Exploits & PoCs

Metasploit

Microsoft Exchange ProxyShell RCE↗

▶

📋Vendor Advisories

CISA

Microsoft Exchange Server Privilege Escalation Vulnerability↗2021-11-03

▶

Microsoft

Microsoft Exchange Server Elevation of Privilege Vulnerability↗2021-07-13

▶

🕵️Threat Intelligence

Bleepingcomputer

UK govt links 2021 Electoral Commission breach to Exchange server↗2024-07-30

▶

Elastic

Detection and response for the actively exploited ProxyShell vulnerabilities — Elastic Security Labs↗2022-06-02

▶

Elastic

Detection and response for the actively exploited ProxyShell vulnerabilities — Elastic Security Labs↗2022-06-02

▶