CVE-2021-31196

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS 7.2 HIGHEPSS 46.4%● KEV

In short

Microsoft Exchange Server has a vulnerability that allows attackers to execute arbitrary code remotely on affected servers. This is critical because Exchange handles email for many organizations, giving attackers access to sensitive business communications and systems.

Technical detail

The vulnerability in Microsoft Exchange Server allows remote code execution through a network vector without requiring authentication. Exploitation results in complete server compromise with attacker-level privileges, directly impacting confidentiality, integrity, and availability of email infrastructure.

Summary generated and translated by AI from the official description.

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 20 Microsoft · Microsoft Exchange Server 2016 Cumulative Update 21 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 10 Microsoft · Microsoft Exchange Server 2019 Cumulative Update 9

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31196