CVE-2023-28310: Microsoft Exchange Server Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8)

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2023-Jun

Released

2023-06-13

EPSS Score

7.83% (percentile: 92.0%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated. How could an attacker exploit this vulnerability? An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.

Affected Products (3)

Server Software

• Microsoft Exchange Server 2016 Cumulative Update 23
• Microsoft Exchange Server 2019 Cumulative Update 12
• Microsoft Exchange Server 2019 Cumulative Update 13

Security Updates (3)

• 5025903
• 5026261
• 5026261

Acknowledgments

Anonymous, m4yfly with TianGong Team of Legendsec at Qi'anxin Group, Anonymous

Revision History

• 2023-06-13: Information published.