Cyber Resilience

CVE-2021-42321

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 10 November 2021

Modified: 30 October 2025
KEV Added: 17 November 2021
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9362 (99.8th percentile)
Risk Priority: 94 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-42321 is a high-severity vulnerability of unspecified weakness type in Microsoft Exchange Server. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2021-42321 is a remote code execution vulnerability affecting Microsoft Exchange Server. It carries a CVSS 3.1 base score of 8.8 with an attack vector of network, low attack complexity, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability.

An authenticated attacker can exploit the flaw over the network to achieve arbitrary code execution on the affected server. The vulnerability is tracked under NVD-CWE-Other and was publicly disclosed on 10 November 2021.

Microsoft publishes mitigation guidance in its security advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321. Public exploit code targeting the issue, including chained serialization binder techniques, has been posted to PacketStorm Security.

EU & UK References

Vulnerability details

Microsoft Exchange Server Remote Code Execution Vulnerability

CWE(s)
KEV Date Added: 17 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Exchange Server: 2016, 2019

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires timely remediation of the identified RCE flaw in Exchange Server before exploitation occurs.

Prevent: Limits privileges of authenticated users, reducing the ability of a low-privilege attacker to reach the vulnerable code path.

Prevent: Restricts network access to Exchange servers, narrowing the attack surface for remote unauthenticated or low-privilege exploitation attempts.

References