Vulnerability Details : CVE-2021-42321
Microsoft Exchange Server Remote Code Execution Vulnerability
Vulnerability category: Execute code
At least one public exploit which can be used to exploit this vulnerability exists!
CVE-2021-42321
is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Exchange Server Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Added on
2021-11-17
Action due date
2021-12-01
Exploit prediction scoring system (EPSS) score for CVE-2021-42321
Probability of exploitation activity in the next 30 days: 95.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2021-42321
-
Microsoft Exchange Server ChainedSerializationBinder RCE
Disclosure Date : 2021-12-09exploit/windows/http/exchange_chainedserializationbinder_rceThis module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these vulnerabilities. Authors: - pwnforsp - zcgonvh - Microsoft Threat Intelligence Center - Microsoft Security Response Center - peterjson - testanull - Grant Willcox - Spencer McIntyre - Markus Wulftange
CVSS scores for CVE-2021-42321
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
[email protected] |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
[email protected] |
References for CVE-2021-42321
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321
Patch;Vendor Advisory
-
http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html
Exploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html
Exploit;Third Party Advisory;VDB Entry
Products affected by CVE-2021-42321
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*