CVE-2021-33768 Microsoft Exchange Server Elevation of Privilege Vulnerability

🗓️ 14 Jul 2021 17:53:42Reported by microsoftType

Microsoft Exchange Server Elevation of Privilege Vulnerabilit

Reporter	Title	Published	Views	Family All 21
ICS	Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations	14 Sep 202212:00	–	ics
Information Security Automation	Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs	31 Aug 202123:16	–	avleonov
BDU FSTEC	The vulnerability of Microsoft Exchange Server servers, related to deficiencies in access control, allows attackers to increase their privileges.	4 Feb 202200:00	–	bdu_fstec
Circl	CVE-2021-33768	14 Jul 202122:31	–	circl
CNNVD	Microsoft Windows Remote Access Connection Manager 权限许可和访问控制问题漏洞	13 Jul 202100:00	–	cnnvd
CVE	CVE-2021-33768	14 Jul 202117:53	–	cve
EUVD	EUVD-2021-20445	7 Oct 202500:30	–	euvd
Microsoft KB	Description of the security update for Microsoft Exchange Server 2016: July 13, 2021 (KB5004779)	13 Jul 202107:00	–	mskb
Microsoft KB	Description of the security update for Microsoft Exchange Server 2019: July 13, 2021 (KB5004780)	13 Jul 202107:00	–	mskb
Kaspersky	KLA12224 Multiple vulnerabilities in Microsoft Exchange Server	13 Jul 202100:00	–	kaspersky

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2019 Cumulative Update 9",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.02.0",
        "lessThan": "15.02.0858.015",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2016 Cumulative Update 20",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.01.0",
        "lessThan": "15.01.2242.012",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2016 Cumulative Update 21",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.01.0",
        "lessThan": "15.01.2308.014",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2019 Cumulative Update 10",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.02.0",
        "lessThan": "15.02.0922.013",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768

28 Dec 2023 22:36Current

8.1High risk

Vulners AI Score8.1

CVSS 3.18

EPSS0.00238