Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Exchange Server 2016 CU6/2016 CU7. It has been classified as critical. Affected is an unknown function of the component Outlook Web Access. The manipulation leads to input validation. This vulnerability is traded as CVE-2017-11932. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability, which was classified as critical, has been found in Microsoft Exchange Server 2016 CU6/2016 CU7 (Groupware Software). This issue affects an unknown code block of the component Outlook Web Access. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
The bug was discovered 12/12/2017. The weakness was shared 12/12/2017 with Microsoft as KB4045655 as confirmed security update guide (Website). The advisory is shared at portal.msrc.microsoft.com. The identification of this vulnerability is CVE-2017-11932 since 07/31/2017. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. The advisory points out:
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
The vulnerability scanner Nessus provides a plugin with the ID 105187 (Security Updates for Exchange (December 2017)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 53010 (Microsoft Windows Exchange Server Update For December 2017).
Applying the patch KB4045655 is able to eliminate this problem. The bugfix is ready for download at catalog.update.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (105187) and SecurityFocus (BID 102060†). The entry VDB-110318 is related to this item. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.2VulDB Meta Temp Score: 7.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.1
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 105187
Nessus Name: Security Updates for Exchange (December 2017)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: KB4045655
Timeline
07/31/2017 🔍12/12/2017 🔍
12/12/2017 🔍
12/12/2017 🔍
12/12/2017 🔍
12/12/2017 🔍
12/12/2017 🔍
12/13/2017 🔍
01/27/2021 🔍
Sources
Vendor: microsoft.comAdvisory: KB4045655
Researcher: Microsoft.
Organization: Microsoft
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-11932 (🔍)
GCVE (CVE): GCVE-0-2017-11932
GCVE (VulDB): GCVE-100-110549
OVAL: 🔍
SecurityFocus: 102060 - Microsoft Exchange Server CVE-2017-11932 Spoofing Vulnerability
SecurityTracker: 1039996
See also: 🔍
Entry
Created: 12/13/2017 08:00Updated: 01/27/2021 08:26
Changes: 12/13/2017 08:00 (77), 12/14/2019 08:49 (6), 01/27/2021 08:22 (2), 01/27/2021 08:26 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.