VDB
CVE-2021-34470
PUBLISHED
Microsoft Exchange Server 2013, Microsoft Exchange Server 2016 and Microsoft Exchange Server 2019 contain several vulnerabilities that are not described in further detail. An attacker can exploit them to execute arbitrary code, escalate privileges and disclose information. Some of these vulnerabilities can be exploited by a remote, anonymous attacker. Exploiting some of these vulnerabilities requires no user interaction.
Risk Scores
EPSS Score
3.73%
88.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 8 | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 | |
Exploit Intelligence
- A PowerShell script to scan for CVE-2021-34470 (github-poc)
- CIRCL seen: CVE-2021-34470 (circl-sighting)
- http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html (circl)
…and 135 more exploits
Timeline
- Jan 19, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jul 13, 2021 CVE Published
- Jul 15, 2021 EPSS Score
- Jul 15, 2021 PoC Published
- Jul 30, 2021 EPSS Score
- Sep 13, 2021 EPSS Score
- Sep 23, 2021 PoC Published
- Nov 8, 2021 PoC Published
- Jan 6, 2022 EPSS Score
- Jan 10, 2022 EPSS Score
- Mar 10, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2024-1897.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1897 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://www.rapid7.com/blog/post/2021/08/12/proxyshell-more-widespread-exploitation-of-microsoft-exchange-servers/ exploit
- https://thehackernews.com/2021/08/new-microsoft-exchange-proxytoken-flaw.html advisory
- https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog exploit