Lucene search

K

Kaspersky LabKLA12314

HistoryOct 12, 2021 - 12:00 a.m.

KLA12314 Multiple vulnerabilities in Microsoft Exchange Server

2021-10-1200:00:00

Kaspersky Lab

threats.kaspersky.com

51

9 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

Detect date:

10/12/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, execute arbitrary code, cause denial of service.

Affected products:

Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2016 Cumulative Update 21

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-41348
CVE-2021-41350
CVE-2021-26427
CVE-2021-34453

Impacts:

ACE

Related products:

Microsoft Exchange Server

CVE-IDS:

CVE-2021-413488.0Critical
CVE-2021-413506.5High
CVE-2021-264279.0Critical
CVE-2021-344537.5Critical

KB list:

5007011
5007012

Microsoft official advisories:

References

support.microsoft.com/kb/5007011

support.microsoft.com/kb/5007012

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26427

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34453

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41348

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41350

nvd.nist.gov/vuln/detail/CVE-2021-26427

nvd.nist.gov/vuln/detail/CVE-2021-34453

nvd.nist.gov/vuln/detail/CVE-2021-41348

nvd.nist.gov/vuln/detail/CVE-2021-41350

portal.msrc.microsoft.com/en-us/security-guidance

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Microsoft-Exchange-Server/

9 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

Related for KLA12314

mskb2 nessus1 avleonov1 prion4 cve4 mscve4 malwarebytes1 krebs1 qualysblog1 threatpost1 thn1 rapid7blog1