Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2021-34473
HistoryAug 10, 2021 - 7:59 a.m.

Exchange Server - Remote Code Execution

2021-08-1007:59:06
ProjectDiscovery
github.com
19

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.975

Percentile

100.0%

JSON
Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

id: CVE-2021-34473

info:
  name: Exchange Server - Remote Code Execution
  author: arcc,intx0x80,dwisiswant0,r3dg33k
  severity: critical
  description: |
    Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected Exchange Server, potentially leading to a complete compromise of the system.
  remediation: Apply Microsoft Exchange Server 2019 Cumulative Update 9 or upgrade to the latest version.
  reference:
    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
    - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
    - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
    - https://nvd.nist.gov/vuln/detail/CVE-2021-34473
    - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34473
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2021-34473
    cwe-id: CWE-918
    epss-score: 0.97285
    epss-percentile: 0.99848
    cpe: cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: microsoft
    product: exchange_server
    shodan-query:
      - vuln:cve-2021-26855
      - http.favicon.hash:1768726119
      - http.title:"outlook"
      - cpe:"cpe:2.3:a:microsoft:exchange_server"
    fofa-query:
      - title="outlook"
      - icon_hash=1768726119
    google-query: intitle:"outlook"
  tags: cve2021,cve,ssrf,rce,exchange,kev,microsoft

http:
  - method: GET
    path:
      - '{{BaseURL}}/autodiscover/[email protected]/owa/?&Email=autodiscover/autodiscover.json%[email protected]'
      - '{{BaseURL}}/autodiscover/[email protected]/mapi/nspi/?&Email=autodiscover/autodiscover.json%[email protected]'

    matchers:
      - type: word
        part: body
        words:
          - "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException"
          - "Exchange MAPI/HTTP Connectivity Endpoint"
        condition: or
# digest: 4a0a00473045022100ad42ea3fcb775f61e31a2c141f118c7214397ee6547fa562418b4d616704a5b7022076434866fae6a4f826f440f37bd4e9f7fe71812d116338900a0e52caf440220c:922c64590222798bb761d5b6d8e72950

Related

hivepro 10
mskb 4
thn 15
threatpost 14
kaspersky 1
nessus 2
qualysblog 2
cvelist 4
prion 4
nvd 4
mscve 3
malwarebytes 6
cve 4
zdi 2
attackerkb 7
cisa_kev 2
githubexploit 43
saint 3
hackerone 2
metasploit 4
mssecure 4
avleonov 2
securelist 4
packetstorm 6
seebug 1
mmpc 5
zdt 5
talosblog 2
ics 6
exploitdb 2
checkpoint_advisories 2
msrc 5
rapid7blog 4
cisa 2
pentestpartners 1
fireeye 2
trellix 2
impervablog 2
nuclei 1
akamaiblog 3
carbonblack 1
krebs 1
hivepro
hivepro
AvosLocker Ransomware group has targeted 50+ Organizations Worldwide
2022-03-24 06:30:44
MuddyWater is taking advantage of old vulnerabilities
2021-11-18 11:45:32
Weekly Threat Digest: 21 – 27 March 2022
2022-03-29 13:56:10
mskb
mskb
Description of the security update for Microsoft Exchange Server 2016: July 13, 2021 (KB5004779)
2021-07-13 07:00:00
Description of the security update for Microsoft Exchange Server 2019: July 13, 2021 (KB5004780)
2021-07-13 07:00:00
Description of the security update for Microsoft Exchange Server 2013: July 13, 2021 (KB5004778)
2021-07-13 07:00:00
thn
thn
Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns
2021-11-22 11:47:00
Hackers Actively Searching for Unpatched Microsoft Exchange Servers
2021-08-13 09:46:00
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
2021-03-04 08:26:00
threatpost
threatpost
Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws
2021-11-22 19:26:25
IKEA Hit by Email Reply-Chain Cyberattack
2021-11-29 21:22:12
Mandiant Front Lines: How to Tackle Exchange Exploits
2021-04-16 14:02:54
kaspersky
kaspersky
KLA12224 Multiple vulnerabilities in Microsoft Exchange Server
2021-07-13 00:00:00
nessus
nessus
Security Updates for Exchange (July 2021)
2021-07-15 00:00:00
Microsoft Exchange Server Authentication Bypass
2021-03-08 00:00:00
qualysblog
qualysblog
AvosLocker Ransomware Behavior Examined on Windows & Linux
2022-03-07 05:18:46
Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0
2022-06-22 21:23:51
cvelist
cvelist
CVE-2021-31206 Microsoft Exchange Server Remote Code Execution Vulnerability
2021-07-14 17:53:13
CVE-2021-31196 Microsoft Exchange Server Remote Code Execution Vulnerability
2021-07-14 17:53:12
CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability
2021-07-14 17:54:03
prion
prion
Remote code execution
2021-07-14 18:15:00
Remote code execution
2021-07-14 18:15:00
Remote code execution
2021-07-14 18:15:00
nvd
nvd
CVE-2021-31206
2021-07-14 18:15:09
CVE-2021-31196
2021-07-14 18:15:09
CVE-2021-34473
2021-07-14 18:15:11
mscve
mscve
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-07-13 07:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-07-13 07:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-07-13 07:00:00
malwarebytes
malwarebytes
AvosLocker ransomware uses Microsoft Exchange Server vulnerabilities, says FBI
2022-03-21 21:09:12
Microsoft Exchange attacks cause panic as criminals go shell collecting
2021-03-09 19:59:37
Patch now! Microsoft Exchange is being attacked via ProxyShell
2021-08-23 13:21:08
cve
cve
CVE-2021-31196
2021-07-14 18:15:09
CVE-2021-31206
2021-07-14 18:15:09
CVE-2021-34473
2021-07-14 18:15:11
zdi
zdi
(Pwn2Own) Microsoft Exchange Server CabUtility ExtractCab Directory Traversal Remote Code Execution Vulnerability
2021-07-19 00:00:00
(Pwn2Own) Microsoft Exchange Server Autodiscover Server Side Request Forgery Authentication Bypass Vulnerability
2021-07-19 00:00:00
attackerkb
attackerkb
CVE-2021-31206
2021-07-14 00:00:00
CVE-2021-34473
2021-07-14 00:00:00
CVE-2021-26855
2021-03-03 00:00:00
cisa_kev
cisa_kev
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Microsoft
2021-08-11 12:20:07
Exploit for Server-Side Request Forgery in Microsoft
2022-11-16 08:22:29
Exploit for Server-Side Request Forgery in Microsoft
2021-11-22 07:47:09
saint
saint
Microsoft Exchange Server ProxyLogon vulnerability
2021-03-19 00:00:00
Microsoft Exchange Server ProxyLogon vulnerability
2021-03-19 00:00:00
Microsoft Exchange Server ProxyLogon vulnerability
2021-03-19 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: SSRF due to CVE-2021-26855 on ████████
2021-03-07 11:31:33
U.S. Dept Of Defense: CVE-2021-26855 on ████████ resulting in SSRF
2021-03-07 11:37:32
metasploit
metasploit
Microsoft Exchange ProxyLogon Collector
2021-03-09 19:52:01
Microsoft Exchange ProxyLogon RCE
2021-03-12 23:49:45
Microsoft Exchange ProxyLogon Scanner
2021-03-07 13:37:20
mssecure
mssecure
Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus
2021-03-18 22:00:47
Microsoft investigates Iranian attacks against the Albanian government
2022-09-08 15:00:00
Analyzing attacks taking advantage of the Exchange Server vulnerabilities
2021-03-25 21:21:07
avleonov
avleonov
Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs
2021-08-31 23:16:51
Vulnerability Management news and publications #2
2022-08-14 11:30:44
securelist
securelist
Tomiris called, they want their Turla malware back
2023-04-24 08:00:22
IT threat evolution in Q2 2023
2023-08-30 10:00:05
Zero-day vulnerabilities in Microsoft Exchange Server
2021-03-04 17:20:57
packetstorm
packetstorm
Microsoft Exchange Proxylogon SSRF Proof Of Concept
2021-03-11 00:00:00
Microsoft Exchange 2019 Unauthenticated Email Download
2021-05-18 00:00:00
Microsoft Exchange 2019 SSRF / Arbitrary File Write
2021-03-18 00:00:00
seebug
seebug
Exchange ProxyOracle 信息泄露漏洞利用链(CVE-2021-31195、 CVE-2021-31196)
2021-08-17 00:00:00
mmpc
mmpc
Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus
2021-03-18 22:00:47
Microsoft investigates Iranian attacks against the Albanian government
2022-09-08 15:00:00
Analyzing attacks taking advantage of the Exchange Server vulnerabilities
2021-03-25 21:21:07
zdt
zdt
Microsoft Exchange 2019 - Unauthenticated Email Download Exploit
2021-05-18 00:00:00
Microsoft Exchange ProxyLogon Remote Code Execution Exploit
2021-03-23 00:00:00
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit
2021-03-11 00:00:00
talosblog
talosblog
What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads
2022-07-27 12:00:00
Threat Advisory: HAFNIUM and Microsoft Exchange zero-day
2021-03-08 10:18:43
ics
ics
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
2022-09-14 12:00:00
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
2021-11-19 12:00:00
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
2022-10-05 12:00:00
exploitdb
exploitdb
Microsoft Exchange 2019 - Unauthenticated Email Download
2021-05-18 00:00:00
Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
2021-05-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Exchange Server Remote Code Execution (CVE-2021-34473; CVE-2021-34523)
2021-07-14 00:00:00
Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
2021-03-02 00:00:00
msrc
msrc
April 2021 Update Tuesday packages now available
2021-04-13 07:00:00
April 2021 Update Tuesday packages now available
2021-04-13 07:00:00
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities
2021-03-16 07:00:00
rapid7blog
rapid7blog
For Microsoft Exchange Server Vulnerabilities, Patching Remains Patchy
2021-10-06 14:07:12
ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers
2021-08-12 21:08:43
Metasploit Wrap-Up
2021-08-20 19:12:00
cisa
cisa
Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
2021-08-21 00:00:00
Microsoft Releases Out-of-Band Security Updates for Exchange Server
2021-03-02 00:00:00
pentestpartners
pentestpartners
Hive Ransomware is on the rise. How should you deal with it?
2022-11-18 06:44:42
fireeye
fireeye
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
2021-09-03 10:00:00
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
2021-03-04 00:00:00
trellix
trellix
Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware
2022-02-28 00:00:00
Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware
2022-02-28 00:00:00
impervablog
impervablog
Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082
2022-09-30 16:47:34
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
2021-03-26 15:06:38
nuclei
nuclei
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
2021-11-12 18:25:15
akamaiblog
akamaiblog
Authentication: Lessons Learned from Microsoft Exchange and F5 BIG-IP Hacks
2021-03-24 14:00:00
Microsoft Exchange and Verkada Hacks: Isolate Your Apps and APIs from the Internet Cesspool
2021-03-15 22:15:00
How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange
2021-03-15 22:30:00
carbonblack
carbonblack
TAU Threat Advisory: Microsoft Exchange Servers Targeted with Four Zero-day Exploits
2021-03-08 21:05:13
krebs
krebs
Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
2021-03-02 21:19:17

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.975

Percentile

100.0%

JSON
Related for NUCLEI:CVE-2021-34473
hivepro10mskb4thn15threatpost14kaspersky1nessus2qualysblog2cvelist4prion4nvd4mscve3malwarebytes6cve4zdi2attackerkb7cisa_kev2githubexploit43saint3hackerone2metasploit4mssecure4avleonov2securelist4packetstorm6seebug1mmpc5zdt5talosblog2ics6exploitdb2checkpoint_advisories2msrc5rapid7blog4cisa2pentestpartners1fireeye2trellix2impervablog2nuclei1akamaiblog3carbonblack1krebs1