HTTP: Microsoft Exchange Server PowerShell MultiValuedProperty Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Exchange Server. A successful attack can lead to arbitrary code execution.
Extended Description
Microsoft Exchange Server Spoofing Vulnerability
Affected Products
Microsoft exchange_server
References
CVE: CVE-2023-36035
URL: http://www.zerodayinitiative.com/advisories/ZDI-23-162/ http://www.zerodayinitiative.com/advisories/ZDI-23-1420/ http://www.zerodayinitiative.com/advisories/ZDI-23-1419/ http://www.zerodayinitiative.com/advisories/ZDI-23-1448/ http://www.zerodayinitiative.com/advisories/ZDI-23-1447/ http://www.zerodayinitiative.com/advisories/ZDI-23-1417/ http://www.zerodayinitiative.com/advisories/ZDI-23-1640/ http://www.zerodayinitiative.com/advisories/ZDI-23-1646/ http://www.zerodayinitiative.com/advisories/ZDI-23-1641/ http://www.zerodayinitiative.com/advisories/ZDI-23-1637/ http://www.zerodayinitiative.com/advisories/ZDI-23-1578/
Short Name
HTTP:CTS:MS-EXCHNG-PS-MUL-CE
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2023-21529 CVE-2023-36035 CVE-2023-36039 CVE-2023-36050 CVE-2023-36744 CVE-2023-36745 CVE-2023-36756 CVE-2023-36757 CVE-2023-36777 CVE-2023-36778 CVE-2023-38181 Code Exchange Execution Microsoft MultiValuedProperty PowerShell Remote Server
Release Date
02/14/2023
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3676
False Positive
Unknown
Vendors
Microsoft