Vulnerability Details : CVE-2022-23277
Public exploit exists!
Microsoft Exchange Server Remote Code Execution Vulnerability
Vulnerability category: Execute code
Products affected by CVE-2022-23277
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23277
1.72%: Probability of exploitation activity in the next 30 days
~ 88%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-23277
- Microsoft Exchange Server ChainedSerializationBinder RCE
  Disclosure Date: 2021-12-09
  First seen: 2022-12-23
  exploit/windows/http/exchange_chainedserializationbinder_rce
  This module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to
CVSS scores for CVE-2022-23277
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | Microsoft Corporation | |
References for CVE-2022-23277
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23277
  CVE-2022-23277 - Security Update Guide - Microsoft - Microsoft Exchange Server Remote Code Execution Vulnerability
  Patch; Vendor Advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277
  CVE-2022-23277 - Security Update Guide - Microsoft - Microsoft Exchange Server Remote Code Execution Vulnerability
- http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html
  Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry