CVE-2021-26855

Warnung

Exploit

EPSS 94.3%
Veröffentlicht 03.03.2021 00:15:12
Zuletzt bearbeitet 07.03.2025 14:57:32
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Exchange Server Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_21

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_22

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_10

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_11

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_12

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_13

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_14

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_15

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_16

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_17

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_18

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_19

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_8

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_9

Microsoft ≫ Exchange Server Version2019 Update-

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_1

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_2

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_3

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_4

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_5

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_6

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_7

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_8

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Exchange Server Remote Code Execution Vulnerability

Schwachstelle

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.3%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html

Third Party Advisory

Exploit

VDB Entry

http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html

Third Party Advisory

Exploit

VDB Entry