Lucene search

K
saint
SAINT CorporationSAINT:2232AFF7B86AF6E40FEC6191FAD74DCC
HistoryMar 19, 2021 - 12:00 a.m.

Microsoft Exchange Server ProxyLogon vulnerability

2021-03-1900:00:00
SAINT Corporation
download.saintcorporation.com
576

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

Added: 03/19/2021

Background

Microsoft Exchange is an e-mail server for Microsoft Windows operating systems.

Problem

A server-side request forgery vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary commands.

Resolution

Apply the patch referenced in Microsoft Advisory CVE-2021-26855.

References

<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855&gt;
<https://proxylogon.com/&gt;

Limitations

Exploit requires knowledge of an e-mail address on the target mail server.

Exploit creates a web shell in \Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\test11.aspx which must be manually removed after a successful exploit.

Platforms

Windows

How to find holes in your network?

Try incredible fast Vulners Perimeter Scanner and find vulnerabilities and unnecessary ip and ports in network devices inside your network before anyone else.

Try Network Scanner

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

Related for SAINT:2232AFF7B86AF6E40FEC6191FAD74DCC