8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730.
Recent assessments:
bwatters-r7 at March 03, 2021 1:51pm UTC reported:
This attack is super useful to gain privileged access to an Exchange server. Given the ubiquity of the target, it’s remote nature, the presence of a simple python PoC, and the benefits from gaining privileged access to a mail server, hackers will be reaching for this exploit frequently, even if it does require authentication.
Further complicating matters is that the requests themselves are through https, so standard deployment for NIDS likely will not catch the attack. If you’ve added certificates to your NIDS to decrypt traffic, then it might catch the attack, but that scenario is not particularly common, especially in small to midsize organizations.
Patching is the primary method for mitigating this attack, though the logs left afterward (if they are not destroyed) are straightforward and reviewed in the technical analysis here: <https://attackerkb.com/topics/taeSMPFD8J/cve-2021-24085?#rapid7-analysis>
NinjaOperator at June 23, 2021 11:46pm UTC reported:
This attack is super useful to gain privileged access to an Exchange server. Given the ubiquity of the target, it’s remote nature, the presence of a simple python PoC, and the benefits from gaining privileged access to a mail server, hackers will be reaching for this exploit frequently, even if it does require authentication.
Further complicating matters is that the requests themselves are through https, so standard deployment for NIDS likely will not catch the attack. If you’ve added certificates to your NIDS to decrypt traffic, then it might catch the attack, but that scenario is not particularly common, especially in small to midsize organizations.
Patching is the primary method for mitigating this attack, though the logs left afterward (if they are not destroyed) are straightforward and reviewed in the technical analysis here: <https://attackerkb.com/topics/taeSMPFD8J/cve-2021-24085?#rapid7-analysis>
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C