CVE-2021-27065

high

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

References

https://cyware.com/resources/research-and-analysis/beneath-the-surface-avoslockers-ransomware-as-a-service-and-cybercrime-tactics-f14f

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a

https://news.sophos.com/en-us/2021/03/23/blackkingdom-ransomware-still-exploiting-insecure-exchange-servers/

https://www.tenable.com/blog/how-to-identify-compromised-microsoft-exchange-server-assets-using-tenable

https://www.tenable.com/blog/how-to-identify-compromised-microsoft-exchange-server-assets-using-tenable

https://news.sophos.com/en-us/2021/03/15/dearcry-ransomware-attacks-exploit-exchange-server-vulnerabilities/

https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/

https://www.tenable.com/blog/finding-proxylogon-and-related-microsoft-exchange-vulnerabilities-how-tenable-can-help

https://www.tenable.com/blog/finding-proxylogon-and-related-microsoft-exchange-vulnerabilities-how-tenable-can-help

https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-cve-2021-26858-cve-2021-27065-four-microsoft-exchange-server-zero-day-vulnerabilities

https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-cve-2021-26858-cve-2021-27065-four-microsoft-exchange-server-zero-day-vulnerabilities

https://msrc.microsoft.com/blog/2021/03/multiple-security-updates-released-for-exchange-server/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065

Details

Source: Mitre, NVD

Published: 2021-03-03

Updated: 2023-12-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High