CVE-2023-36777
published 2023-09-12

CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability

Priority: P3, 44, medium
CVSS 3.1: 5.7 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS: 81.23% (99.6th percentile)

Affected

8 ranges
Vendor | Product | Version range | Fixed in
microsoft | exchange_server | |
microsoft | exchange_server | |
microsoft | microsoft_exchange_server_2016_cumulative_update_23 | >= 15.01.0 < 15.01.2507.032 | 15.01.2507.032
microsoft | microsoft_exchange_server_2019_cumulative_update_12 | >= 15.02.0 < 15.02.1118.037 | 15.02.1118.037
microsoft | microsoft_exchange_server_2019_cumulative_update_13 | >= 15.02.0 < 15.02.1258.025 | 15.02.1258.025
msrc | microsoft_exchange_server_2016_cumulative_update_23 | |
msrc | microsoft_exchange_server_2019_cumulative_update_12 | |
msrc | microsoft_exchange_server_2019_cumulative_update_13 | |

Detection & IOCs

  • Attack vector is Adjacent Network (LAN), so detection should focus on internal network traffic to Exchange Server from authenticated but potentially malicious LAN-connected clients.
  • Exploitation requires valid Exchange user credentials (low privilege); monitor for authenticated Exchange sessions from unusual or unexpected internal hosts attempting to access file content.
  • The vulnerability results in file content disclosure; monitor Exchange Server logs for anomalous file read activity or unexpected data exfiltration patterns from authenticated low-privilege accounts.
  • Microsoft rates this as 'Exploitation More Likely' in the latest software release; prioritize detection and patching on unpatched Exchange Servers that have not yet applied August 2023 security updates.
  • Protection requires the August 2023 Exchange security updates to be installed; systems already patched with August 2023 updates are not vulnerable.
  • As of the advisory publication, this vulnerability had not been publicly disclosed or exploited in the wild, but exploitation is rated 'More Likely' for the latest software release.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc | | 5.7 | MEDIUM |