[PoC] CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability Alert

From securityonline.info

On November 22, 2021, we found that the poc of Microsoft Exchange Server flaw has been published on the Internet, the vulnerability number is CVE-2021-42321, with CVSS:3.1 of 8.8, the vulnerability level is serious. CVE-2021-42321, the remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let (cmdlet) arguments.“In order to exploit this flaw, an attacker would need to be authenticated, which limits some of the impact. Microsoft says they are aware of ‘limited targeted attacks’ using this vulnerability in the wild,” says Satnam Narang, staff research engineer at Tenable.

Read more…