Published: 05/03/2019 Updated: 24/08/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 970
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft exchange server 2016

microsoft exchange server 2010

microsoft exchange server 2013

microsoft exchange server 2019

Metasploit Modules

Microsoft Exchange Privilege Escalation Exploit

This module exploits a privilege escalation vulnerability found in Microsoft Exchange - CVE-2019-0724 Execution of the module will force Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the privileges that Exchange is configured. The module is based on the work by @_dirkjan,

msf > use auxiliary/scanner/http/exchange_web_server_pushsubscription
msf auxiliary(exchange_web_server_pushsubscription) > show actions
msf auxiliary(exchange_web_server_pushsubscription) > set ACTION < action-name >
msf auxiliary(exchange_web_server_pushsubscription) > show options
    ...show and set options...
msf auxiliary(exchange_web_server_pushsubscription) > run

Recent Articles

Microsoft Patch Tuesday – February 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 13 Feb 2022

This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical.

Posted: 13 Feb, 201922 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – February 2019This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical.As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaini...