Skip to main content

CVE-2021-34523

CRITICAL
2021-07-14 secure@microsoft.com
9.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Oct 30, 2025 - 19:13 cisa
CISA KEV
PoC Detected
Oct 30, 2025 - 19:13 vuln.today
Public exploit code
Patch released
Oct 30, 2025 - 19:13 nvd
Patch available
CVE Published
Jul 14, 2021 - 18:15 nvd
CRITICAL 9.0

DescriptionNVD

Microsoft Exchange Server Elevation of Privilege Vulnerability

AnalysisAI

Microsoft Exchange Server contains a privilege escalation vulnerability in the PowerShell backend that allows authenticated Exchange users to escalate to Exchange admin, the second component of the ProxyShell attack chain.

Technical ContextAI

The vulnerability in Exchange's PowerShell Remoting endpoint allows an attacker who has gained access through the SSRF (CVE-2021-34473) to escalate privileges from a standard mailbox user context to Exchange administrator. This enables access to the New-MailboxExportRequest cmdlet for web shell deployment.

Affected ProductsAI

Microsoft Exchange Server 2013/2016/2019

RemediationAI

Apply Microsoft security updates. Monitor Exchange PowerShell audit logs for unauthorized cmdlet execution. Restrict Exchange PowerShell access to authorized administrators.

Share

CVE-2021-34523 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy