CVE-2024-21410
Published: 13 February 2024
Summary
CVE-2024-21410 is a critical-severity Improper Authentication (CWE-287) vulnerability in Microsoft Exchange Server. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 9.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
Microsoft Exchange Server contains an elevation of privilege vulnerability tracked as CVE-2024-21410. The flaw carries a CVSS 3.1 base score of 9.8 and is associated with CWE-287, indicating improper authentication handling that can be reached over the network without credentials or user interaction.
An unauthenticated attacker can send specially crafted requests to an affected Exchange server and obtain elevated privileges, resulting in full compromise of confidentiality, integrity, and availability on the target system.
Microsoft has published guidance and patches through its Security Response Center, while CISA lists the vulnerability in its Known Exploited Vulnerabilities catalog, confirming that remediation should follow the vendor’s update instructions.
EPSS for the CVE rose from lower values to a peak of 0.1069 on 2024-12-09 before receding to the current 0.0614, indicating increased exploitation interest several months after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19119
Vulnerability details
Microsoft Exchange Server Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 15 February 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authentication decisions before granting any privileges on Exchange, blocking the unauthenticated elevation path in CVE-2024-21410.
Requires successful identification and authentication of organizational users prior to allowing access, directly countering the CWE-287 improper authentication flaw.
Mandates timely application of security updates that remediate the Exchange authentication bypass, eliminating the exploitable vulnerability.