Description

Due to a flaw in the Autodiscover service of Exchange Server, an unauthenticated attacker can access its restricted resources and leverage this in conjunction with other vulnerabilities to execute arbitrary code.

Remediation

Upgrade to the latest version of Microsoft Exchange Server.

References

Microsoft Exchange Server Remote Code Execution Vulnerability

Related Vulnerabilities

Command Injection

JBoss InvokerTransformer Remote Code Execution

Symfony ESI (Edge-Side Includes) enabled

Webmin v1.920 Unauhenticated Remote Command Execution

WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)

Severity

High

Classification

CVE-2021-34473 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A

Tags

Code Execution