CVERadar

CVE-2024-26198

Medium Severity

SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.03248/1

CVE-2024-26198 is a Microsoft Exchange Server Remote Code Execution Vulnerability, allowing attackers to execute arbitrary code. This vulnerability arises from improper validation of file paths, leading to potential remote code execution. Despite a CVSS score of 0, indicating base severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30.

While not immediately critical based on SVRS, CVE-2024-26198 is still important, because active exploits are available and the vulnerability is tagged as 'In The Wild'. Successful exploitation can compromise the entire Exchange Server, leading to data breaches, service disruption, and further malicious activities within the network. This vulnerability poses a significant risk to organizations relying on Microsoft Exchange Server. Immediate patching and continuous monitoring are required.

In The Wild
Exploit Available
2024-03-12

2024-05-29
SOCRadar AI Insight

Description:

CVE-2024-26198 is a critical vulnerability in Microsoft Exchange Server that allows remote code execution (RCE). This vulnerability is rated 8.8 on the CVSS scale, indicating a high severity level. The SVRS for this vulnerability is 0, which means that it is not currently being actively exploited.

Key Insights:

  • This vulnerability affects all versions of Microsoft Exchange Server.
  • Successful exploitation of this vulnerability could allow an attacker to take complete control of an affected system.
  • Microsoft has released a patch for this vulnerability.

Mitigation Strategies:

  • Apply the patch released by Microsoft as soon as possible.
  • Disable remote access to Exchange Server until the patch has been applied.
  • Implement network segmentation to limit the spread of the vulnerability.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • There are no known active exploits for this vulnerability.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
|---|---|---|
| babywalkerenc/CVE-2024-26198-POC | https://github.com/babywalkerenc/CVE-2024-26198-POC | 2024-04-03 |
| MrCyberSec/CVE-2024-26198-Exchange-RCE | https://github.com/MrCyberSec/CVE-2024-26198-Exchange-RCE | 2024-03-13 |

News

CVE-2024-26198 | Microsoft Exchange Server 2016 CU23/2019 CU13/2019 CU14 untrusted search path
vuldb.com, 2025-04-16
A vulnerability, which was classified as critical, was found in Microsoft Exchange Server 2016 CU23/2019 CU13/2019 CU14. Affected is an unknown function. The manipulation leads to untrusted search path. This vulnerability is traded as CVE-2024-26198. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch

The March 2024 Security Update Review
Dustin Childs, zerodayinitiative.com, 2024-03-12
It’s the second Tuesday of the month, and Adobe and Microsoft have released a fresh crop of security updates. Take a break from your other activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for March 2024
For March, Adobe released six patches addressing

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

| Reference | Link |
|---|---|
| [email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198 |

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-426 | Untrusted Search Path | The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control. |
