CVE-2021-26857

Published Mar 3, 2021

Last updated 7 months ago

Microsoft Exchange Server

Overview

AI description

Automated description summarized from trusted sources.

CVE-2021-26857 is an insecure deserialization vulnerability that exists within the Microsoft Exchange Unified Messaging service. Exploiting this vulnerability could allow an attacker to execute code as SYSTEM on the Exchange server. To exploit this vulnerability, an attacker would need administrator privileges or would need to exploit another vulnerability first to authenticate to the vulnerable Exchange Server. One way this could be achieved is by exploiting CVE-2021-26855, a server-side request forgery (SSRF) vulnerability.

Description: Microsoft Exchange Server Remote Code Execution Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: Microsoft Exchange Server Remote Code Execution Vulnerability
Exploit added on: Nov 3, 2021
Exploit action due: Apr 16, 2021
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-502
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-502

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "751FD35F-2ECD-4B75-9589-988CC6AD3058"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55284CF7-0D04-4216-83FE-4B1F9CA94207"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA2CE223-AA49-49E6-AC32-59270EFF55AD"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4830D6A9-AF74-480C-8F69-8648CD619980"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "079E1E3F-FF25-4B0D-AC98-191D6455A014"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "104F96DC-E280-4E0A-8586-B043B55888C2"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73B3B3FE-7E85-4B86-A983-2C410FFEF4B8"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A9FB275-7F17-48B2-B528-BE89309D2AF5"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4AB3C25-CEA8-4D66-AEE4-953C8B17911A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.