CVE-2021-34523
Microsoft Exchange Server Elevation of Privilege Vulnerability
In short
A flaw in Microsoft Exchange Server allows an authenticated attacker to gain higher privileges on the system. This is critical because an insider or someone with basic access can escalate their permissions to administrator level.
Technical detail
This vulnerability permits privilege escalation through improper authorization checks in Exchange Server components. An authenticated user can exploit insufficient validation mechanisms to elevate their privileges to administrative level, potentially compromising the entire mail system and sensitive data.
Summary generated and translated by AI from the official description.
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23Microsoft · Microsoft Exchange Server 2016 Cumulative Update 19Microsoft · Microsoft Exchange Server 2016 Cumulative Update 20Microsoft · Microsoft Exchange Server 2019 Cumulative Update 8Microsoft · Microsoft Exchange Server 2019 Cumulative Update 9public PoCs found — 3
githubgithub.com/mithridates1313/ProxyShell_POC★ 16githubgithub.com/SUPRAAA-1337/CVE-2021-34523★ 2cve_referencepacketstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-34523https://www.zerodayinitiative.com/advisories/ZDI-21-822/