#Microsoft Exchange Server

**How could an attacker exploit this vulnerability?** In a network-based attack, an attacker could trigger malicious code in the context of the server's account through a network call.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

**According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?** Yes, the attacker must be authenticated.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

**How could an attacker exploit this vulnerability?** An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.

**How could an attacker exploit this vulnerability?** An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker would be able to login as another user successfully.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

**How could an attacker exploit this vulnerability?** An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.

**How could an attacker exploit this vulnerability?** An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.