Multiple vulnerabilities in Microsoft Exchange Server
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2023-21529 CVE-2023-21707 CVE-2023-21706 CVE-2023-21710 |
| CWE-ID | CWE-749 CWE-94 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Microsoft Exchange Server Server applications / Mail servers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Exposed dangerous method or function
EUVDB-ID: #VU72174
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21529
CWE-ID:
CWE-749 - Exposed Dangerous Method or Function
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the MultiValuedProperty class. A remote user can send a specially crafted request and execute arbitrary code in the context of the server's account.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 CU23 Jan23SU 15.00.1497.045 - 2019 RTM Mar21SU 15.02.0221.018
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21529
http://www.zerodayinitiative.com/advisories/ZDI-23-162/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Code Injection
EUVDB-ID: #VU72173
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21707
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user can send a specially crafted request and execute arbitrary code in the context of the server's account.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 CU23 Jan23SU 15.00.1497.045 - 2019 RTM Mar21SU 15.02.0221.018
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21707
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Code Injection
EUVDB-ID: #VU72172
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21706
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user can send a specially crafted request and execute arbitrary code in the context of the server's account.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 CU23 Jan23SU 15.00.1497.045 - 2019 RTM Mar21SU 15.02.0221.018
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21706
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Code Injection
EUVDB-ID: #VU72171
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21710
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user with administrative privileges can send a specially crafted request and execute arbitrary code in the context of the server's account.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 CU23 Jan23SU 15.00.1497.045 - 2019 RTM Mar21SU 15.02.0221.018
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21710
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
