CVE-2021-31196
Microsoft Exchange Server Remote Code Execution Vulnerability
Vexday Risk Score
63High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.2EPSS 46.4%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
14 Jul 2021Published on NVD
21 Aug 2024Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Microsoft Exchange Server has a vulnerability that allows attackers to execute arbitrary code remotely on affected servers. This is critical because Exchange handles email for many organizations, giving attackers access to sensitive business communications and systems.
Technical detail
The vulnerability in Microsoft Exchange Server allows remote code execution through a network vector without requiring authentication. Exploitation results in complete server compromise with attacker-level privileges, directly impacting confidentiality, integrity, and availability of email infrastructure.
Summary generated and translated by AI from the official description.
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23Microsoft · Microsoft Exchange Server 2016 Cumulative Update 20Microsoft · Microsoft Exchange Server 2016 Cumulative Update 21Microsoft · Microsoft Exchange Server 2019 Cumulative Update 10Microsoft · Microsoft Exchange Server 2019 Cumulative Update 9Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →