CVE-2022-23277: Microsoft Exchange Server Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2022-Mar

Released

2022-03-08

EPSS Score

79.12% (percentile: 99.1%)

FAQ

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server's account through a network call. According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated.

Detection & Weaponization (2 sources)

Maturity: Exploit

• Metasploit modules: Microsoft Exchange Server ChainedSerializationBinder RCE
• GitHub PoC: 1 repositories

Affected Products (5)

Server Software

• Microsoft Exchange Server 2013 Cumulative Update 23
• Microsoft Exchange Server 2016 Cumulative Update 21
• Microsoft Exchange Server 2019 Cumulative Update 10
• Microsoft Exchange Server 2016 Cumulative Update 22
• Microsoft Exchange Server 2019 Cumulative Update 11

Security Updates (5)

• 5010324
• 5012698
• 5012698
• 5012698
• 5012698

Acknowledgments

Markus Wulftange <a href="https://twitter.com/mwulftange">@mwulftange</a>

Revision History

• 2022-03-08: Information published.