CVE-2021-42321
Microsoft Exchange Server Remote Code Execution Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 12, 2021
- Published Date
- November 10, 2021
- Last Updated
- February 04, 2025
- Vendor
- Microsoft
- Product
- Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11
- Description
- Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321
http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html
http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-17 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/exchange_chainedserializationbinder_rce.rb | 2025-04-29 11:01:37 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
7BitsTeam/exch_CVE-2021-42321
Type: github • Created: 2022-10-08 13:00:23 UTC • Stars: 10
DarkSprings/CVE-2021-42321
Type: github • Created: 2021-11-23 02:26:26 UTC • Stars: 85
Microsoft Exchange Server Poc