← back
CVE-2021-28480

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 71.4%
Vexday Risk Score
85Fix now
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 71.4%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
13 Apr 2021Published on NVD
21 Apr 2021Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23Microsoft · Microsoft Exchange Server 2016 Cumulative Update 19Microsoft · Microsoft Exchange Server 2016 Cumulative Update 20Microsoft · Microsoft Exchange Server 2019 Cumulative Update 8Microsoft · Microsoft Exchange Server 2019 Cumulative Update 9
public PoCs found1
githubgithub.com/ZephrFish/CVE-2021-28480_HoneyPoC310
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28480