Lucene search

K
saintSAINT CorporationSAINT:8E748D4A2FD6DFA108D87FF09FFEF2AE
HistoryMar 19, 2021 - 12:00 a.m.

Microsoft Exchange Server ProxyLogon vulnerability

2021-03-1900:00:00
SAINT Corporation
my.saintcorporation.com
369

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

Added: 03/19/2021

Background

Microsoft Exchange is an e-mail server for Microsoft Windows operating systems.

Problem

A server-side request forgery vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary commands.

Resolution

Apply the patch referenced in Microsoft Advisory CVE-2021-26855.

References

<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855&gt;
<https://proxylogon.com/&gt;

Limitations

Exploit requires knowledge of an e-mail address on the target mail server.

Exploit creates a web shell in \Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\test11.aspx which must be manually removed after a successful exploit.

Platforms

Windows

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.975 High

EPSS

Percentile

100.0%