Attacker Value: Very High (1 user assessed)
Exploitability: Moderate (1 user assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2021-34473

Disclosure Date: July 14, 2021
Exploited in the Wild

Description

Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

Technical Analysis

From https://blog.talosintelligence.com/2021/07/microsoft-patch-tuesday-for-july-2021.html there was a note that this vulnerability seems to have been used in some Exchange Server APT attacks detailed at https://blog.talosintelligence.com/2021/03/hafnium-update.html; however, it wasn’t disclosed that this vulnerability was patched despite being patched back in April 2021. Since this was under active exploitation, it is recommended to patch this vulnerability if you haven’t applied April 2021’s patch updates already.

Successful exploitation will result in RCE on affected Exchange Servers, and requires no prior user privileges, so patch this soon!

CVSS V3 Severity and Metrics
Base Score: 9.8 Critical
Impact Score: 5.9
Exploitability Score: 3.9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High

General Information

Vendors

  • Microsoft

Products

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2019 Cumulative Update 9
  • Microsoft Exchange Server 2016 Cumulative Update 20
  • Microsoft Exchange Server 2016 Cumulative Update 19
  • Microsoft Exchange Server 2019 Cumulative Update 8

Exploited in the Wild

Reported: July 14, 2021 5:13pm UTC
