CVE-2021-42321
Published: 10 November 2021
Summary
CVE-2021-42321 is a high-severity vulnerability in Microsoft Exchange Server, classified under an unspecified weakness type. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2021-42321 is a remote code execution vulnerability affecting Microsoft Exchange Server. It carries a CVSS 3.1 base score of 8.8 with an attack vector of network, low attack complexity, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability.
An authenticated attacker can exploit the flaw over the network to achieve arbitrary code execution on the affected server. The vulnerability is tracked under NVD-CWE-Other and was publicly disclosed on 10 November 2021.
Microsoft publishes mitigation guidance in its security advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321. Public exploit code targeting the issue, including chained serialization binder techniques, has been posted to PacketStorm Security.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-29296
Vulnerability details
Microsoft Exchange Server Remote Code Execution Vulnerability
- CWE(s)
- KEV Date Added: 17 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely remediation of the identified RCE flaw in Exchange Server before exploitation occurs.
Limits privileges of authenticated users, reducing the ability of a low-privilege attacker to reach the vulnerable code path.
Restricts network access to Exchange servers, narrowing the attack surface for remote unauthenticated or low-privilege exploitation attempts.