CVE-2021-26857

Warning

EPSS 37.77%
Published 03.03.2021 00:15:12
Last modified 07.03.2025 14:57:32
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Exchange Server Remote Code Execution Vulnerability

Affected products Warnungen 1 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2010 Updatesp3

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_22

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23

Microsoft ≫ Exchange Server Version2013 Updatesp1

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_10

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_11

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_12

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_13

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_14

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_15

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_16

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_17

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_18

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_19

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_8

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_9

Microsoft ≫ Exchange Server Version2019 Update-

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_1

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_2

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_3

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_4

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_5

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_6

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_7

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_8

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Exchange Server Remote Code Execution Vulnerability

Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	37.77%	0.971

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-26857

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26857

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26857

EUVD