Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

nvd 1

cve 1

prion 1

cvelist 1

attackerkb 3

thn 7

threatpost 13

checkpoint_advisories 1

githubexploit 5

msrc 3

securelist 6

talosblog 1

akamaiblog 3

ics 7

cisa 1

hivepro 1

impervablog 1

carbonblack 1

fireeye 1

krebs 1

malwarebytes 3

mssecure 5

mmpc 5

rapid7blog 4

nessus 1

nuclei 1

mskb 1

kaspersky 1

qualysblog 7

avleonov 2

mscve 4

googleprojectzero 1

nvd

CVE-2021-26858

2021-03-03 00:15:12

cve

CVE-2021-26858

2021-03-03 00:15:12

prion

Remote code execution

2021-03-03 00:15:00

cvelist

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 23:55:27

attackerkb

CVE-2021-26858

2021-03-03 00:00:00

CVE-2021-26857

2021-03-03 00:00:00

Multiple Microsoft Exchange zero-day vulnerabilities - ProxyLogon Exploit Chain

2023-12-29 00:00:00

thn

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

2021-04-23 07:42:00

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

2021-03-03 07:28:00

Microsoft Exchange Cyber Attack — What Do We Know So Far?

2021-03-08 10:15:00

threatpost

Prometei Botnet Could Fire Up APT-Style Attacks

2021-04-23 17:15:23

Attackers Target ProxyLogon Exploit to Install Cryptojacker

2021-04-15 12:19:13

CISA Orders Fed Agencies to Patch Exchange Servers

2021-03-04 17:08:36

checkpoint_advisories

Microsoft Exchange Server Remote Code Execution (CVE-2021-26857; CVE-2021-26858)

2021-03-02 00:00:00

githubexploit

Exploit for Vulnerability in Microsoft

2021-03-08 07:28:21

Exploit for Vulnerability in Microsoft

2021-03-09 10:36:44

Exploit for Vulnerability in Microsoft

2021-03-05 08:22:07

msrc

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

2021-03-16 07:00:00

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

2021-03-16 07:00:00

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

2021-03-16 18:44:28

securelist

Zero-day vulnerabilities in Microsoft Exchange Server

2021-03-04 17:20:57

Black Kingdom ransomware

2021-06-17 10:00:41

IT threat evolution Q1 2021

2021-05-31 10:00:37

talosblog

Threat Advisory: HAFNIUM and Microsoft Exchange zero-day

2021-03-08 10:18:43

akamaiblog

Microsoft Exchange and Verkada Hacks: Isolate Your Apps and APIs from the Internet Cesspool

2021-03-15 22:15:00

How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange

2021-03-15 22:30:00

Authentication: Lessons Learned from Microsoft Exchange and F5 BIG-IP Hacks

2021-03-24 14:00:00

ics

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

2022-10-05 12:00:00

Mitigate Microsoft Exchange Server Vulnerabilities

2021-07-19 12:00:00

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

2022-03-01 12:00:00

cisa

Microsoft Releases Out-of-Band Security Updates for Exchange Server

2021-03-02 00:00:00

hivepro

Have you patched the vulnerabilities in Microsoft Exchange Server?

2021-08-18 11:01:05

impervablog

Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures

2021-03-26 15:06:38

carbonblack

TAU Threat Advisory: Microsoft Exchange Servers Targeted with Four Zero-day Exploits

2021-03-08 21:05:13

fireeye

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

2021-03-04 00:00:00

krebs

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

2021-03-02 21:19:17

malwarebytes

Patch now! Exchange servers attacked by Hafnium zero-days

2021-03-03 12:34:27

The top 5 most routinely exploited vulnerabilities of 2021

2022-04-29 16:28:20

Chinese APT's favorite vulnerabilities revealed

2022-10-13 16:15:00

mssecure

HAFNIUM targeting Exchange Servers with 0-day exploits

2021-03-02 21:07:53

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

2021-11-16 16:00:08

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

2022-09-07 21:00:00

mmpc

HAFNIUM targeting Exchange Servers with 0-day exploits

2021-03-02 21:07:53

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

2021-11-16 16:00:08

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

2022-09-07 21:00:00

rapid7blog

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

2021-03-03 00:41:04

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

2021-03-23 14:04:36

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

2021-03-03 19:23:42

nessus

Security Updates for Microsoft Exchange Server (March 2021)

2021-03-03 00:00:00

nuclei

Microsoft Exchange Server SSRF Vulnerability

2021-03-06 07:00:59

mskb

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871)

2021-03-02 08:00:00

kaspersky

KLA12103 ACE vulnerabilities in Microsoft Exchange Server

2021-03-02 00:00:00

qualysblog

Microsoft Exchange Server Zero-Days (ProxyLogon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR

2021-03-03 22:12:19

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

2022-02-26 20:20:32

avleonov

Vulnerability Management news and publications #2

2022-08-14 11:30:44

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

mscve

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

googleprojectzero

The More You Know, The More You Know You Don’t Know

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.165

Percentile

96.1%

JSON

Related for CISA-KEV-CVE-2021-26858