The Microsoft Exchange running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated remote attacker can exploit this to execute arbitrary code.

Binary data exchange_cve-2021-26855.nbin

VendorProductVersionCPE
microsoftexchange_servercpe:/a:microsoft:exchange_server

Vendor	Product	Version	CPE
microsoft	exchange_server		cpe:/a:microsoft:exchange_server

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26855

www.nessus.org/u?14b26c05

www.nessus.org/u?4260a57a

www.nessus.org/u?d9bf7dee

www.nessus.org/u?fedb98e4

proxylogon.com/

githubexploit 36

thn 13

malwarebytes 5

hackerone 2

saint 3

securelist 8

packetstorm 5

cvelist 1

metasploit 3

mssecure 8

cisa_kev 1

mmpc 8

qualysblog 11

prion 1

zdt 4

nvd 1

talosblog 2

hivepro 4

threatpost 16

cve 1

exploitdb 2

checkpoint_advisories 1

attackerkb 4

nuclei 3

mskb 2

msrc 3

cisa 1

akamaiblog 3

rapid7blog 7

ics 7

fireeye 1

impervablog 1

carbonblack 1

krebs 1

nessus 1

kaspersky 1

wallarmlab 2

avleonov 3

mscve 4

googleprojectzero 1

githubexploit

Exploit for Server-Side Request Forgery in Microsoft

2021-03-18 00:44:29

Exploit for Server-Side Request Forgery in Microsoft

2021-03-15 14:03:16

Exploit for Server-Side Request Forgery in Microsoft

2021-03-10 05:21:19

thn

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

2021-03-11 15:04:00

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

2024-06-20 10:22:00

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

2021-03-04 08:26:00

malwarebytes

Microsoft Exchange attacks cause panic as criminals go shell collecting

2021-03-09 19:59:37

AvosLocker ransomware uses Microsoft Exchange Server vulnerabilities, says FBI

2022-03-21 21:09:12

Patch now! Exchange servers attacked by Hafnium zero-days

2021-03-03 12:34:27

hackerone

U.S. Dept Of Defense: CVE-2021-26855 on ████████ resulting in SSRF

2021-03-07 11:37:32

U.S. Dept Of Defense: SSRF due to CVE-2021-26855 on ████████

2021-03-07 11:31:33

saint

Microsoft Exchange Server ProxyLogon vulnerability

2021-03-19 00:00:00

Microsoft Exchange Server ProxyLogon vulnerability

2021-03-19 00:00:00

Microsoft Exchange Server ProxyLogon vulnerability

2021-03-19 00:00:00

securelist

Tomiris called, they want their Turla malware back

2023-04-24 08:00:22

IT threat evolution in Q2 2023

2023-08-30 10:00:05

Zero-day vulnerabilities in Microsoft Exchange Server

2021-03-04 17:20:57

packetstorm

Microsoft Exchange Proxylogon SSRF Proof Of Concept

2021-03-11 00:00:00

Microsoft Exchange 2019 Unauthenticated Email Download

2021-05-18 00:00:00

Microsoft Exchange 2019 SSRF / Arbitrary File Write

2021-03-18 00:00:00

cvelist

CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 23:55:26

metasploit

Microsoft Exchange ProxyLogon Collector

2021-03-09 19:52:01

Microsoft Exchange ProxyLogon RCE

2021-03-12 23:49:45

Microsoft Exchange ProxyLogon Scanner

2021-03-07 13:37:20

mssecure

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

2021-03-18 22:00:47

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Analyzing attacks taking advantage of the Exchange Server vulnerabilities

2021-03-25 21:21:07

cisa_kev

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-11-03 00:00:00

mmpc

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

2021-03-18 22:00:47

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Analyzing attacks taking advantage of the Exchange Server vulnerabilities

2021-03-25 21:21:07

qualysblog

Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0

2022-06-22 21:23:51

Microsoft Exchange Server Zero-Days (ProxyLogon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR

2021-03-03 22:12:19

The Rise of Ransomware

2021-10-05 12:50:00

prion

Remote code execution

2021-03-03 00:15:00

zdt

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

2021-05-18 00:00:00

Microsoft Exchange ProxyLogon Remote Code Execution Exploit

2021-03-23 00:00:00

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit

2021-03-11 00:00:00

nvd

CVE-2021-26855

2021-03-03 00:15:12

talosblog

What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads

2022-07-27 12:00:00

Threat Advisory: HAFNIUM and Microsoft Exchange zero-day

2021-03-08 10:18:43

hivepro

BackdoorDiplomacy targets the telecom industry in the Middle East

2022-12-08 07:20:51

Have you patched the vulnerabilities in Microsoft Exchange Server?

2021-08-18 11:01:05

AvosLocker Ransomware group has targeted 50+ Organizations Worldwide

2022-03-24 06:30:44

threatpost

Mandiant Front Lines: How to Tackle Exchange Exploits

2021-04-16 14:02:54

Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws

2021-11-22 19:26:25

IKEA Hit by Email Reply-Chain Cyberattack

2021-11-29 21:22:12

cve

CVE-2021-26855

2021-03-03 00:15:12

exploitdb

Microsoft Exchange 2019 - Unauthenticated Email Download

2021-05-18 00:00:00

Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)

2021-05-21 00:00:00

checkpoint_advisories

Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)

2021-03-02 00:00:00

attackerkb

CVE-2021-26855

2021-03-03 00:00:00

CVE-2021-27065

2021-03-03 00:00:00

CVE-2021-26857

2021-03-03 00:00:00

nuclei

Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting

2021-11-12 18:25:15

Exchange Server - Remote Code Execution

2021-08-10 07:59:06

Microsoft Exchange Server SSRF Vulnerability

2021-03-06 07:00:59

mskb

Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830)

2021-01-12 00:00:00

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871)

2021-03-02 08:00:00

msrc

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

2021-03-16 07:00:00

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

2021-03-16 07:00:00

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

2021-03-16 18:44:28

cisa

Microsoft Releases Out-of-Band Security Updates for Exchange Server

2021-03-02 00:00:00

akamaiblog

Authentication: Lessons Learned from Microsoft Exchange and F5 BIG-IP Hacks

2021-03-24 14:00:00

Microsoft Exchange and Verkada Hacks: Isolate Your Apps and APIs from the Internet Cesspool

2021-03-15 22:15:00

How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange

2021-03-15 22:30:00

rapid7blog

Indiscriminate Exploitation of Microsoft Exchange Servers (CVE-2021-24085)

2021-03-02 19:53:28

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

2021-03-03 00:41:04

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

2021-03-23 14:04:36

ics

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

2022-10-05 12:00:00

Mitigate Microsoft Exchange Server Vulnerabilities

2021-07-19 12:00:00

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

2022-03-01 12:00:00

fireeye

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

2021-03-04 00:00:00

impervablog

Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures

2021-03-26 15:06:38

carbonblack

TAU Threat Advisory: Microsoft Exchange Servers Targeted with Four Zero-day Exploits

2021-03-08 21:05:13

krebs

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

2021-03-02 21:19:17

nessus

Security Updates for Microsoft Exchange Server (March 2021)

2021-03-03 00:00:00

kaspersky

KLA12103 ACE vulnerabilities in Microsoft Exchange Server

2021-03-02 00:00:00

wallarmlab

Weekly exploit digest – March, 15-21 – VMware View Planner, Win32k ConsoleControl, Microsoft Windows Containers DP API

2021-03-21 13:09:00

Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.

2021-03-16 18:22:00

avleonov

Vulnerability Management news and publications #2

2022-08-14 11:30:44

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

Vulristics: Microsoft Patch Tuesdays Q1 2021

2021-03-26 02:47:52

mscve

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

googleprojectzero

The More You Know, The More You Know You Don’t Know

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.975

Percentile

100.0%

JSON

Related for EXCHANGE_CVE-2021-26855.NBIN