The vulnerability of Microsoft Exchange Server’s mail server, related to insecure management of privileges, allows attackers to elevate their own privileges.

🗓️ 13 Aug 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Microsoft Exchange Server has insecure privilege management enabling remote privilege escalation.

Reporter	Title	Published	Views	Family All 21
ICS	Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations	14 Sep 202212:00	–	ics
Information Security Automation	Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs	31 Aug 202123:16	–	avleonov
Circl	CVE-2021-34470	14 Jul 202122:31	–	circl
CNNVD	Microsoft Exchange Server 权限许可和访问控制问题漏洞	13 Jul 202100:00	–	cnnvd
CVE	CVE-2021-34470	14 Jul 202117:54	–	cve
Cvelist	CVE-2021-34470 Microsoft Exchange Server Elevation of Privilege Vulnerability	14 Jul 202117:54	–	cvelist
EUVD	EUVD-2021-21125	7 Oct 202500:30	–	euvd
Microsoft KB	Cumulative Update 21 for Exchange Server 2016 (KB5003611)	13 Jul 202107:00	–	mskb
Microsoft KB	Cumulative Update 10 for Exchange Server 2019 (KB5003612)	13 Jul 202107:00	–	mskb
Microsoft KB	Description of the security update for Microsoft Exchange Server 2013: July 13, 2021 (KB5004778)	13 Jul 202107:00	–	mskb

Source	Link
msrc	www.msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34470
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-34470
web	www.web.nvd.nist.gov/view/vuln/detail

15 Apr 2022 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 27.7

CVSS 38

EPSS0.03729

Microsoft Exchange Server Privilege escalation Insecure privilege management Remote exploitation