CVE-2023-36050: Microsoft Exchange Server Spoofing Vulnerability

Overview

Severity

High (CVSS 8)

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2023-Nov

Released

2023-11-14

EPSS Score

4.09% (percentile: 88.6%)

FAQ

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user.

Affected Products (3)

Server Software

• Microsoft Exchange Server 2019 Cumulative Update 12
• Microsoft Exchange Server 2016 Cumulative Update 23
• Microsoft Exchange Server 2019 Cumulative Update 13

Security Updates (3)

• 5032146
• 5032147
• 5032146

Acknowledgments

<a href="https://twitter.com/thezdi">Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative</a>

Revision History

• 2023-11-14: Information published.