Wednesday, 12 July 2017

On 03:57 by admin in    No comments
A vulnerability has been found in Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 and classified as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (redirect). The CWE definition for the vulnerability is CWE-601. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was presented 07/11/2017 as KB4018588 as confirmed security update guide (Website). The advisory is shared for download at portal.msrc.microsoft.com. This vulnerability was named CVE-2017-8621 since 05/03/2017. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 07/12/2017). The advisory points out:
An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user's credentials.
Applying the patch KB4018588 is able to eliminate this problem. The bugfix is ready for download at catalog.update.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.

CVSSv3

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
VulDB Reliability: High

CVSSv2

VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete
VulDB Base Score: 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
VulDB Temp Score: 5.9 (CVSS2#E:ND/RL:OF/RC:C)
VulDB Reliability: High

CPE

  • cpe:/a:microsoft:exchange_server:2010:sp3
  • cpe:/a:microsoft:exchange_server:2013:sp3
  • cpe:/a:microsoft:exchange_server:2013_cu16:sp3
  • cpe:/a:microsoft:exchange_server:2016_cu5:sp3

Exploiting

Class: Privilege escalation / Redirect (CWE-601)
Local: No
Remote: Yes

Availability: No

Price Prediction: steady
Current Price Estimation

0-Day$0-$5k$5k-$25k$25k-$100k$100k-$500k
Today$0-$5k$5k-$25k$25k-$100k$100k-$500k
Countermeasures

Recommended: Patch
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Patch: KB4018588

Timeline

05/03/2017   CVE assigned
07/11/2017  +69 days Advisory disclosed
07/11/2017  +0 days Countermeasure disclosed
07/12/2017  +1 days VulDB entry created
07/12/2017  +0 days VulDB last update

Sources

Advisory: KB4018588
Status: Confirmed

CVE: CVE-2017-8621 (mitre.org) (nvd.nist.org) (cvedetails.com)

0 comments:

Post a comment