{ "id": "CVE-2023-21709", "sourceIdentifier": "secure@microsoft.com", "published": "2023-08-08T18:15:11.780", "lastModified": "2024-11-21T07:43:29.080", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability" } ], "metrics": { "cvssMetricV31": [ { "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "secure@microsoft.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-307" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-307" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*", "matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*", "matchCriteriaId": "56728785-188C-470A-9692-E6C7235109CA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*", "matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*", "matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*", "matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*", "matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*", "matchCriteriaId": "55284CF7-0D04-4216-83FE-4B1F9CA94207" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*", "matchCriteriaId": "CA2CE223-AA49-49E6-AC32-59270EFF55AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*", "matchCriteriaId": "4830D6A9-AF74-480C-8F69-8648CD619980" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", "matchCriteriaId": "079E1E3F-FF25-4B0D-AC98-191D6455A014" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", "matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", "matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*", "matchCriteriaId": "996163E7-6F3F-4D3B-AEA4-62A7F7E1F54D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", "matchCriteriaId": "19C1EE0C-B8DD-4B91-BE4B-1C42D72FB718" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", "matchCriteriaId": "3BE427A4-B0C2-4064-8234-29426325C348" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", "matchCriteriaId": "449CE85B-E599-44D3-A7C1-5133F6A55E86" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_3:*:*:*:*:*:*", "matchCriteriaId": "FE401B0A-DDE4-4A36-8E27-6DB14E094BE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_4:*:*:*:*:*:*", "matchCriteriaId": "450319C4-7C8F-43B7-B7F8-80DA4F1F2817" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*", "matchCriteriaId": "23015889-48AF-40A5-862F-290E73A54E77" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_6:*:*:*:*:*:*", "matchCriteriaId": "4FC34516-D7E7-4AD9-9B45-5474831548E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:*", "matchCriteriaId": "5211792E-5292-41C0-B7E9-8AA63EC606EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*", "matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*", "matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*", "matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*", "matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", "matchCriteriaId": "B4185347-EEDD-4239-9AB3-410E2EC89D2A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", "matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*", "matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*", "matchCriteriaId": "104F96DC-E280-4E0A-8586-B043B55888C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*", "matchCriteriaId": "73B3B3FE-7E85-4B86-A983-2C410FFEF4B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*", "matchCriteriaId": "8A9FB275-7F17-48B2-B528-BE89309D2AF5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", "matchCriteriaId": "D4AB3C25-CEA8-4D66-AEE4-953C8B17911A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", "matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", "matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", "matchCriteriaId": "71CDF29B-116B-4DE2-AFD0-B62477FF0AEB" } ] } ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709", "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] } ] }