Vulnerability details
Advisory: SB2024021336 - Privilege escalation in Microsoft Exchange Server
Vulnerable component: Microsoft Exchange Server
CVE-ID: CVE-2024-21410
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-668 - Exposure of resource to wrong sphere
Description:
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in Microsoft Exchange Server. A remote attacker can target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf.
Note, the vulnerability is being actively exploited in the wild.