Vulnerability Details : CVE-2021-42321
Public exploit exists!
Used for ransomware!
Microsoft Exchange Server Remote Code Execution Vulnerability
Vulnerability category: Execute code
Products affected by CVE-2021-42321
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*
CVE-2021-42321 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Exchange Server Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2021-42321
Added on
2021-11-17
Action due date
2021-12-01
Exploit prediction scoring system (EPSS) score for CVE-2021-42321
96.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-42321
-
Microsoft Exchange Server ChainedSerializationBinder RCE
Disclosure Date: 2021-12-09First seen: 2022-12-23exploit/windows/http/exchange_chainedserializationbinder_rceThis module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to
CVSS scores for CVE-2021-42321
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Microsoft Corporation |
References for CVE-2021-42321
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321
CVE-2021-42321 - Security Update Guide - Microsoft - Microsoft Exchange Server Remote Code Execution VulnerabilityPatch;Vendor Advisory
-
http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html
Microsoft Exchange Server Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to