CVE-2018-8581

CVSS 7.4 HIGHEPSS 27.6%● KEV

In short

Microsoft Exchange Server has a flaw that allows a user with limited permissions to gain higher-level access they shouldn't have. This can give attackers more control over the email server.

Technical detail

An elevation of privilege vulnerability in Microsoft Exchange Server permits an authenticated attacker to escalate privileges through improper access control mechanisms. The vulnerability requires valid user credentials but allows unauthorized access to administrative functions, potentially compromising the integrity and confidentiality of the entire messaging system.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Microsoft · Microsoft Exchange Server

public PoCs found — 3

githubgithub.com/Ridter/Exchange2domain★ 370 githubgithub.com/WyAtu/CVE-2018-8581★ 331 githubgithub.com/qiantu88/CVE-2018-8581★ 5

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8581 http://www.securityfocus.com/bid/105837 http://www.securitytracker.com/id/1042141