CVE-2021-26858
Published: 03 March 2021
Summary
CVE-2021-26858 is a high-severity remote code execution vulnerability in Microsoft Exchange Server; no CWE has been assigned to it. Its CVSS 3.1 base score is 7.8 (High).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, which records confirmed in-the-wild exploitation.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).
Deeper analysis
Microsoft Exchange Server is affected by a remote code execution vulnerability tracked as CVE-2021-26858. The flaw received a CVSS 3.1 base score of 7.8 with the vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact to confidentiality, integrity, and availability. Although Microsoft titles the issue a remote code execution vulnerability, the vector scores it as local (AV:L); the metrics describe the vulnerability in isolation, not any attack chain it may be used in.
An attacker who can reach the vulnerable component through that local vector, and who can trigger the required user interaction (UI:R), can use the flaw to execute arbitrary code. Because no privileges are required (PR:N) and complexity is low, a successful exploit yields high-impact loss of confidentiality, integrity, and availability on the affected Exchange component without any additional authentication.
Microsoft's security advisory and the CISA KEV catalog both reference this CVE; official patches and mitigation guidance are available through the Microsoft Security Response Center (MSRC). Inclusion in the KEV catalog confirms that the vulnerability has been exploited in real-world attacks, so patching should be accompanied by a check for signs of prior compromise.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-13642
Vulnerability details
Microsoft Exchange Server Remote Code Execution Vulnerability
- CWE(s): none assigned
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Microsoft Exchange Server (on-premises installations; see the vendor advisory for the affected Cumulative Updates)
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch that eliminates the RCE flaw in Exchange Server. Verify the installed build against the advisory rather than trusting the version displayed by the management tools.
- CM-6 (Configuration Settings): enforces secure configuration settings that can disable or restrict the vulnerable Exchange components until the patch is applied. This is an interim measure, not a substitute for the patch.
- SI-7 (Software, Firmware, and Information Integrity): verifies the integrity of Exchange binaries and detects unauthorized code introduced through exploitation of the flaw. This matters because installing the patch closes the vulnerability but does not remove code an attacker has already planted.
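As an added example that is not part of this page or of Microsoft's own guidance, the following PowerShell script checks the SI-2 and SI-7 controls above on an on-premises Exchange 2013/2016/2019 server. The build table, the registry path, the signature-subject match and the baseline date are assumptions documented in the comments; the build values are the March 2021 Security Update builds per Cumulative Update branch as published in Microsoft's Exchange build-number reference and must be confirmed against the vendor advisory before acting on the result. CM-6 is not checked, since the interim configuration changes depend on vendor guidance.

```powershell
# Added example, not part of the original page or of Microsoft's tooling.
# Checks two of the controls above on an on-premises Exchange 2013/2016/2019
# server: SI-2 (is the installed build at or above the build shipped by the
# vendor security update) and SI-7 (do the Exchange binaries still carry valid
# Microsoft Authenticode signatures, and what script files have appeared
# under the web roots since a known-good date). Run elevated on the server.
#
# ASSUMPTION: $MinimumPatchedBuilds holds the March 2021 Security Update build
# per Cumulative Update branch as listed in Microsoft's Exchange build-number
# reference. Those values are not on this page; confirm them against the vendor
# advisory before acting on the result, and treat an unlisted branch as unknown.
$MinimumPatchedBuilds = @{
    '15.2.792'  = [version]'15.2.792.10'   # Exchange 2019 CU8
    '15.2.721'  = [version]'15.2.721.13'   # Exchange 2019 CU7
    '15.1.2176' = [version]'15.1.2176.9'   # Exchange 2016 CU19
    '15.1.2106' = [version]'15.1.2106.13'  # Exchange 2016 CU18
    '15.0.1497' = [version]'15.0.1497.12'  # Exchange 2013 CU23
}

function Get-ExchangeInstallPath {
    # Setup records the install root here. AdminDisplayVersion from
    # Get-ExchangeServer does not change when a Security Update is installed,
    # so the file version of ExSetup.exe is the reliable patch-level indicator.
    $key = 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\Setup'
    if (-not (Test-Path $key)) {
        throw 'Exchange v15 setup key not found: not an Exchange 2013/2016/2019 server?'
    }
    return (Get-ItemProperty -Path $key -Name MsiInstallPath).MsiInstallPath
}

function Test-ExchangePatchLevel {
    # SI-2: compare the ExSetup.exe file version with the minimum patched build.
    param([string]$InstallPath)
    $info  = (Get-Item (Join-Path $InstallPath 'bin\ExSetup.exe')).VersionInfo
    $build = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                            $info.FileBuildPart, $info.FilePrivatePart)
    $branch = '{0}.{1}.{2}' -f $build.Major, $build.Minor, $build.Build
    if (-not $MinimumPatchedBuilds.ContainsKey($branch)) {
        $status = 'UNKNOWN'; $detail = "CU branch $branch not in table; check the advisory"
    } elseif ($build -ge $MinimumPatchedBuilds[$branch]) {
        $status = 'PASS';    $detail = "meets minimum $($MinimumPatchedBuilds[$branch])"
    } else {
        $status = 'FAIL';    $detail = "below minimum $($MinimumPatchedBuilds[$branch]); install the Security Update"
    }
    [pscustomobject]@{ Control = 'SI-2'; Build = $build; Status = $status; Detail = $detail }
}

function Test-ExchangeBinarySignatures {
    # SI-7: every .exe/.dll under bin should carry a valid Microsoft signature.
    # Anything else is reported for review, not declared malicious outright.
    param([string]$InstallPath)
    Get-ChildItem -Path (Join-Path $InstallPath 'bin') -Recurse -File -Include *.exe, *.dll |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Where-Object {
            $_.Status -ne 'Valid' -or
            $_.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation'
        } |
        Select-Object @{n='Control';e={'SI-7'}}, Path, Status,
                      @{n='Signer';e={$_.SignerCertificate.Subject}}
}

function Find-RecentWebRootFiles {
    # SI-7: server-side script files written to the Exchange web roots after
    # the baseline date. Legitimate updates touch these too, so compare the hits
    # against the patch installation time and the vendor's file inventory.
    param([string]$InstallPath, [datetime]$Since)
    $roots = 'FrontEnd\HttpProxy', 'ClientAccess' | ForEach-Object { Join-Path $InstallPath $_ }
    Get-ChildItem -Path $roots -Recurse -File -Include *.aspx, *.asp, *.ashx, *.asmx -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTimeUtc -ge $Since -or $_.LastWriteTimeUtc -ge $Since } |
        Select-Object FullName, CreationTimeUtc, LastWriteTimeUtc, Length
}

$installPath = Get-ExchangeInstallPath
Test-ExchangePatchLevel -InstallPath $installPath | Format-List
Test-ExchangeBinarySignatures -InstallPath $installPath | Format-Table -AutoSize
# The baseline date below is a placeholder for the example; use your own last known-good date.
Find-RecentWebRootFiles -InstallPath $installPath -Since ([datetime]'2021-02-26') | Format-Table -AutoSize
```

A FAIL from the SI-2 check on a server that was reachable by attackers during the exploitation window should be treated as a potential compromise, not just a missing patch: the SI-7 checks exist because applying the update does not remove files an attacker has already written. Unsigned files under bin and script files in the web roots that are not accounted for by the patch install are the items to escalate to incident response.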