Very High
CVE-2018-8302
Description
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server.
Ratings
- Attacker Value: Very High
- Exploitability: High
Technical Analysis
A .NET deserialization vulnerability exists within Exchange when configured with Unified Messaging (UM). An attacker needs to be able to authenticate as an Exchange user with a configured UM voice mailbox. After doing so, they utilize Exchange Web Services (EWS) to upload a malicious payload before calling the target user to leave a voice mail, resulting in code execution. The target user does not need to listen to the voice mail in order for the payload to be executed.
General Information
Vendors
- Microsoft
Products
- Microsoft Exchange Server