CVE-2023-32031
published 2023-06-14

CVE-2023-32031: Microsoft Exchange Server Remote Code Execution Vulnerability

Priority: P2 75
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 81.77% (99.6th percentile)
Microsoft Exchange Server Remote Code Execution Vulnerability

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | | |
| microsoft | exchange_server | | |
| microsoft | microsoft_exchange_server_2016_cumulative_update_23 | >= 15.01.0 < 15.01.2507.027 | 15.01.2507.027 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_12 | >= 15.02.0 < 15.02.1118.030 | 15.02.1118.030 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_13 | >= 15.02.0 < 15.02.1258.016 | 15.02.1258.016 |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | | |
| msrc | microsoft_exchange_server_2019_cumulative_update_12 | | |
| msrc | microsoft_exchange_server_2019_cumulative_update_13 | | |

Detection & IOCs (extracted from sources)

  • Attacker must be authenticated (low privilege) and exploits via a network call to trigger malicious code in the context of the server's account — monitor for anomalous authenticated network calls to Exchange Server endpoints
  • No user interaction required and attack vector is network — exploitation can occur remotely without any victim interaction; prioritize network-level monitoring of Exchange Server
  • Exploitation assessed as 'More Likely' for latest software release — treat unpatched Exchange Servers as high-priority targets and monitor for exploitation attempts
  • Vulnerability affects Microsoft Exchange Server; specific affected versions are addressed by KB5026261 and KB5025903 — ensure patch applicability is confirmed against deployed Exchange versions before assuming coverage
  • Exploit has not been publicly disclosed or observed in the wild at time of advisory, but is rated 'Exploitation More Likely' — detection posture should be proactive rather than reactive

CVSS provenance

nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 8.8 HIGH