10
CVSSv2

CVE-2021-28481

Published: 13/04/2021 Updated: 14/04/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Github Repositories

Detected CVE-2021-28480, CVE-2021-28481 Usage: Author: @lotusdll (githubcom/Udyz) Any risk of a criminal act that you commit is not our responsibility Usage: scanpy [options] Options: -h, --help show this help message and exit -i HOST, --ip=HOST Host, provide schema and not final / (eg 127001:443) -l LIST, --list=LIST Target

ExchangeRCE-CVE-2021-28480 PoC for exploiting RCE in Exchange CVEs: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483 Achieves Domain Admin on Domain Controllers running Windows Server 2003 up to Windows Server 2019

Recent Articles

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
Threatpost • Tom Spring • 14 Apr 2021

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software.
In all, Microsoft released patches for 110 security holes, 19 classified critical in severity and 88 considered important. The most dire of those flaws disclosed is arguably a Win32k elevation of privilege vulnerability (CVE-2021-28310) actively being exploited in the wild by the cybercriminal group ...

NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches
The Register • Thomas Claburn in San Francisco • 13 Apr 2021

100+ fixes for the Windows world – plus holes in SAP, Adobe, FreeBSD, etc SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers

Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA).
Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploite...

The Register

Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA).
Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploite...