CVE

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly
known information-security vulnerabilities and exposures

About CVE identifiers

CVE identifiers are assigned by a CVE Numbering Authority (CNA). There are about 100
CNAs, representing major IT vendors—such as Red Hat, IBM, Cisco, Oracle, and Microsoft—
as well as security companies and research organizations. MITRE can also issue CVEs
directly.

What is the Common Vulnerability Scoring System?

There are multiple ways to evaluate the severity of a vulnerability. One is the Common
Vulnerability Scoring System (CVSS), a set of open standards for assigning a number to a
vulnerability to assess its severity. CVSS scores are used by the NVD, CERT and others to
assess the impact of vulnerabilities. Scores range from 0.0 to 10.0, with higher numbers
representing a higher degree of severity of the vulnerability. Many security vendors have
created their own scoring systems, as well.

1. CVE-2023-36778
Microsoft Exchange Server Remote Code Execution Vulnerability
Security Vulnerability

Released: Oct 10, 2023

Base score Exploitability Score Impact Score

8.8 2.8 5.9

What can cause this vulnerability?

The vulnerability occurs due to improper validation of cmdlet arguments.

Does the attacker need to be in an authenticated role in the Exchange Server?

Yes, the attacker must be authenticated.

How could an attacker exploit this vulnerability?

An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code
execution via a PowerShell remoting session.

According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an
authenticated role on the Exchange Server?

Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this
vulnerability?

An authenticated attacker could exploit this vulnerability with LAN access.

2. CVE-2023-38185
Microsoft Exchange Server Remote Code Execution Vulnerability
Security Vulnerability

Released: Aug 8, 2023 Last updated: Aug 15, 2023

Base score Exploitability Score Impact Score

8.8 3.8 4.9

According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an
authenticated role on the Exchange Server?

Yes, the attacker must be authenticated.

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none
(UI:N). What is the target used in the context of the remote code execution?

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code
execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context
of the server's account through a network call.

How could an attacker exploit this vulnerability?

In a network-based attack, an attacker could trigger malicious code in the context of the server's account
through a network call.

3. CVE-2023-21764
Microsoft Exchange Server Elevation of Privilege Vulnerability
Security Vulnerability

Released: Jan 10, 2023

Base score Exploitability Score Impact Score

7.8 2.7 5.1

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
 4. CVE-2023-38181
Microsoft Exchange Server Spoofing Vulnerability
Security Vulnerability

Released: Aug 8, 2023 Last updated: Aug 15, 2023

Base score Exploitability Score Impact Score

8.8 2.8 5.9

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of
confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?

An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which
could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

How could an attacker exploit this vulnerability?

An authenticated attacker could achieve exploitation by using a PowerShell remoting session to the
server.

According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low
(AC:L). What does that mean for this vulnerability?

The attack vector is set to Network because this vulnerability is remotely exploitable and can be exploited
from the internet.

The attack complexity is set to Low because an attacker does not require significant prior knowledge of
the cluster/system and can achieve repeatable success when attempting to exploit this vulnerability.

What is spoofing? Spoofing definition

Spoofing, as it pertains to cybersecurity, is when someone or something pretends to be something

else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or
spread malware. Spoofing attacks come in many forms, including:

 Email spoofing
 Website and/or URL spoofing
 Caller ID spoofing
 Text message spoofing
 GPS spoofing
 Man-in-the-middle attacks
 Extension spoofing
 IP spoofing
 Facial spoofing