Lucene search

K
kasperskyKaspersky LabKLA12608
HistoryAug 09, 2022 - 12:00 a.m.

KLA12608 Multiple vulnerabilities in Microsoft Exchange Server

2022-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
28

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

Detect date:

08/09/2022

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges.

Affected products:

Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2016 Cumulative Update 23

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-30134
CVE-2022-24516
CVE-2022-21979
CVE-2022-34692
CVE-2022-21980
CVE-2022-24477

Impacts:

OSI

Related products:

Microsoft Exchange Server

CVE-IDS:

CVE-2022-301346.5High
CVE-2022-245168.0Critical
CVE-2022-219794.8Warning
CVE-2022-346925.3High
CVE-2022-219808.0Critical
CVE-2022-244778.0Critical

KB list:

5015322
5019076
5019077

Microsoft official advisories:

References

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%