CVE-2021-24085

Published: 25/02/2021 Updated: 29/12/2023
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.5 | Impact Score: 3.7 | Exploitability Score: 2.3
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Microsoft Exchange Server Spoofing Vulnerability

Vulnerable Products

microsoft exchange server 2019

microsoft exchange server 2016

Exploits

Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside the Canary15 class. The issue results in insecure generation of cross-site request forgery tokens that can be used to install Office add-ins. An attacker can leverage this vulnerability to escalate privileges to an administrative account ...

Github Repositories

Microsoft Exchange Server msExchEcpCanary Cross Site Request Forgery Elevation of Privilege Vulnerability. This is a Proof of Concept for CVE-2021-24085. poc.py downloads the target's cert file with the private key inside. YellowCanary generates the msExchEcpCanary CSRF token for a specific user based on the SID. poc.js is the CSRF exploit to trigger an account takeover. I have not pr