Description

Due to a flaw in the Autodiscover service of Exchange Server, an unauthenticated attacker can access its restricted resources and leverage this in conjunction with other vulnerabilities to execute arbitrary code.

Remediation

Upgrade to the latest version of Microsoft Exchange Server.

References

Microsoft Exchange Server Remote Code Execution Vulnerability

Related Vulnerabilities

AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)

.NET JSON.NET Deserialization RCE

Node.js Debugger Unauthorized Access Vulnerability

Apache Log4j socket receiver deserialization vulnerability

WordPress Plugin File Gallery Remote Code Execution (1.7.9)

Severity

High

Classification

CVE-2021-34473 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A

Tags

Code Execution