Vulnerability Details CVE-2023-21529
Microsoft Exchange Server Remote Code Execution Vulnerability
Exploit prediction scoring system (EPSS) score
EPSS Score 0.289
EPSS Ranking 96.6%
CVSS Severity
CVSS v3 Score 8.8
Proposed Action
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
Ransomware Campaign
Known
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21529
- https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
Products affected by CVE-2023-21529
-
cpe:2.3:a:microsoft:exchange_server:2013
-
cpe:2.3:a:microsoft:exchange_server:2016
-
cpe:2.3:a:microsoft:exchange_server:2019