CVE-2019-0724

EPSS 23.8%

Vexday Risk Score

23Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 23.8%KEV nãoPoC —Nuclei —Metasploit simPatch —

Lifecycle

21 Jan 2019Metasploit module available

06 Mar 2019Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.

Affected products

Microsoft · Microsoft Exchange Server 2010 Microsoft · Microsoft Exchange Server 2013 Microsoft · Microsoft Exchange Server 2016 Microsoft · Microsoft Exchange Server 2019

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724 http://www.securityfocus.com/bid/106906