What is CVE-2021-42321?

CVE-2021-42321 is a vulnerability in Microsoft Exchange Server that allows an authenticated attacker to perform remote code execution.

How does CVE-2021-42321 affect Microsoft Exchange Server?

CVE-2021-42321 affects Microsoft Exchange Server versions 2016 Cumulative Update 21, 2016 Cumulative Update 22, 2019 Cumulative Update 10, and 2019 Cumulative Update 11.

What is the severity of CVE-2021-42321?

CVE-2021-42321 has a severity rating of 8.8 (high).

How can an attacker exploit CVE-2021-42321?

An authenticated attacker can exploit CVE-2021-42321 by leveraging improper validation in cmdlet arguments within Microsoft Exchange to perform remote code execution.

Is there a fix available for CVE-2021-42321?

Yes, Microsoft has released security updates to address CVE-2021-42321. It is recommended to apply the latest Cumulative Updates for the affected versions of Microsoft Exchange Server.

Vulnerability/
CVE-2021-42321

Exploited

high

8.8

10/11/2021

18/1/2024

CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability

First published: Wed Nov 10 2021(Updated: )

An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
	=2016-cumulative_update_21
	=2016-cumulative_update_22
	=2019-cumulative_update_10
	=2019-cumulative_update_11
Microsoft Exchange Server	=2016-cumulative_update_21
Microsoft Exchange Server	=2016-cumulative_update_22
Microsoft Exchange Server	=2019-cumulative_update_10
Microsoft Exchange Server	=2019-cumulative_update_11

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-42321?
CVE-2021-42321 is a vulnerability in Microsoft Exchange Server that allows an authenticated attacker to perform remote code execution.
How does CVE-2021-42321 affect Microsoft Exchange Server?
CVE-2021-42321 affects Microsoft Exchange Server versions 2016 Cumulative Update 21, 2016 Cumulative Update 22, 2019 Cumulative Update 10, and 2019 Cumulative Update 11.
What is the severity of CVE-2021-42321?
CVE-2021-42321 has a severity rating of 8.8 (high).
How can an attacker exploit CVE-2021-42321?
An authenticated attacker can exploit CVE-2021-42321 by leveraging improper validation in cmdlet arguments within Microsoft Exchange to perform remote code execution.
Is there a fix available for CVE-2021-42321?
Yes, Microsoft has released security updates to address CVE-2021-42321. It is recommended to apply the latest Cumulative Updates for the affected versions of Microsoft Exchange Server.

agent/type
agent/first-publish-date
agent/author
agent/softwarecombine
exploited/true
ransomware/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/title
agent/severity
agent/remedy
agent/references
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/microsoft exchange
canonical/microsoft exchange server
version/microsoft exchange server/2016-cumulative_update_21
version/microsoft exchange server/2016-cumulative_update_22
version/microsoft exchange server/2019-cumulative_update_10
version/microsoft exchange server/2019-cumulative_update_11

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.