Published: 14/07/2021 Updated: 21/09/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the lack of proper validation of URI prior to accessing resources. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft exchange server 2013

microsoft exchange server 2016

microsoft exchange server 2019

Mailing Lists

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication, impersonate an arbitrary user, and write an arbitrary file to achieve remote code execution By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server This vu ...

Github Repositories

CVE-2021-34473-scanner Scanner for CVE-2021-34473, ProxyShell, A Microsoft Exchange On-premise Vulnerability To test machines one by one, use scanner-CVE-2021-34473bat: scanner-CVE-2021-34473bat mailexemplefr To test multiple machines at once, use mass-scanner and add ip/FQDN to check, one by line, in servers-to-check mass-scanner-CVE-2021-34473bat Remediation depending on

CVE-2021-34473 CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability Reproducing ProxyShell Exploit y4yspace/2021/08/12/my-steps-of-reproducing-proxyshell/ This is NOT your Cyberweapon just a experimental PoC

CVE-2021-34473 CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability Reproducing ProxyShell Exploit y4yspace/2021/08/12/my-steps-of-reproducing-proxyshell/

CVE-2021-34473-scanner Scanner for CVE-2021-34473, ProxyShell, A Microsoft Exchange On-premise Vulnerability To test machines one by one, use scanner-CVE-2021-34473bat: scanner-CVE-2021-34473bat mailexemplefr To test multiple machines at once, use mass-scanner and add ip/FQDN to check, one by line, in servers-to-check mass-scanner-CVE-2021-34473bat Remediation depending on

CVE-2021-34473 proxyshell_scannerpy


AWVS14 Update InfO Version 14 build 144210913167 for Windows, Linux and macOS – 14th September 2021 New vulnerability checks Added check for Unrestricted access to Kong Gateway API Added check for Unrestricted access to Haproxy Data Plane API Added check for OData feed accessible anonymously Added check for Unauthenticated OGNL injection in Confluence Server and Da

Scripts to scan for Microsoft Exchange Vulnerabilities In 2021 several dangerous and widely exploited vulnerabilities for Microsoft Exchange servers have been published This repository provides scripts to scan for CVE-2021-26855: The SSRF vulnerability which is the entry point for the ProxyLogon exploit chain CVE-2021-34473: The pre-auth path confusion which is the entry poi

Proxyshell-Scanner nuclei scanner for Proxyshell RCE (CVE-2021-34423,CVE-2021-34473,CVE-2021-31207) discovered by orange tsai in Pwn2Own, which affect microsoft exchange server POC

ProxyShell Proof of Concept Exploit for Microsoft Exchange CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 Details For background information and context, read the blog post detailing the research by Horizon3: wwwhorizon3ai/news/blog/proxyshell Features No email address needs to be supplied Attempts to enumerate emails from Active Directory Attempts to enumerate Legac

ProxyShell-POC-Mod A Proof of Concept for ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) vulnerability This exploit code is a merge of two POC They both had pros & cons; So I merged them Credits to @donnymaasland (githubcom/dmaasland/proxyshell-poc) & @ber_m1ng (githubcom/ktecv2000/ProxyShell) Motivation I used both the above PO

RedTeam Toolkit Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teamming together for the security specialist to identify vulnerabilities The open-source projects such as nmap, rustscan, dirsearch, shreder, circl, crowbar, etc are used what will be a powerful toolkit together Currently it supports the following op

AWVS14 Update InfO Version 14 build 145211026108 for Windows, Linux and macOS – 11th October 2021 Updates Removed message to “Press any key to continue” when installing NET AcuSensor from CLI This was hindering the automatic installation of the NET sensor Fixes Fixed issue causing scans to fail when site redirets from http to https Fixed issue ca

Proxy-Attackchain proxylogon, proxyshell, proxyoracle full chain exploit tool ProxyLogon: The most well-known and impactful Exchange exploit chain ProxyOracle: The attack which could recover any password in plaintext format of Exchange users ProxyShell: The exploit chain demonstrated at Pwn2Own 2021 to take over Exchange and earn $200,000 bounty ProxyLogon is Just the Tip of

主流供应商的一些攻击性漏洞汇总 网络安全专家 @Alexander Knorr 在推特上分享的一些有关于供应商的一些 CVE 严重漏洞,详情,仅列出了 CVE 编号,无相关漏洞详情。所以在分享的图片基础上进行新增了漏洞 Title,官方公告,漏洞分析,利用代码,概念证明以及新增或删减了多个CVE等,另外

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&Mobile

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

Recent Articles

IKEA Hit by Email Reply-Chain Cyberattack
Threatpost • Lisa Vaas • 29 Nov 2021

As of Friday – as in, shopping-on-steroids Black Friday – retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads.
BleepingComputer got a look at internal emails – one of which is replicated below – that warned employees of the attack, which was targeting the company’s internal email inboxes. The phishing emails were coming from internal IKEA email addresses, as well as from the syst...

Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
Threatpost • Lisa Vaas • 17 Nov 2021

A state-backed Iranian threat actor has been using multiple CVEs – including both serious Fortinet vulnerabilities for months and a Microsoft Exchange ProxyShell weakness for weeks – looking to gain a foothold within networks before moving laterally and launching BitLocker ransomware and other nastiness.
A joint advisory published by CISA on Wednesday was meant to highlight the ongoing, malicious cyber assault, which has been tracked by the FBI, the U.S. Cybersecurity and Infrastructur...

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
Threatpost • Lisa Vaas • 03 Nov 2021

A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware.
Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12.
Tortilla, an actor that’s been operating since July, is predominantly targeting U.S. victims. It’s also hurling a smaller number of...

New APT ChamelGang Targets Russian Energy, Aviation Orgs
Threatpost • Elizabeth Montalbano • 01 Oct 2021

A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks.
Researchers at security firm Positive Technologies have been tracking the group, dubbed ChamelGang for its chameleon-like capabilities, since March. Though attackers mainly have been seen targeting Russian organizations, they...

Researchers compile list of vulnerabilities abused by ransomware gangs
BleepingComputer • Sergiu Gatlan • 18 Sep 2021

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks.
All this started with
, a member of Recorded Future's CSIRT (computer security incident response team), on Twitter over the weekend.
Since then, with the help of several other contributors that joined his efforts, the list quickly grew to include security flaws found in products from over a dozen different s...

PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
Fireeye Threat Research • by Adrian Sanchez Hernandez, Govand Sinjari, Joshua Goddard, Brendan McKeague, John Wolfram • 03 Sep 2021

In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting the following versions of on-premises Microsoft Exchange Servers.

Exchange Server 2013 (Cumulative Update 23 and below)
Exchange Server 2016 (Cumulative Update 20 and below)
Exchange Server 2019 (Cumulative Update 9 and below)...

Microsoft Breaks Silence on Barrage of ProxyShell Attacks
Threatpost • Elizabeth Montalbano • 26 Aug 2021

Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities in that were highlighted by a researcher at Black Hat earlier this month.
The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately.
“Our recommendation, as always, is to install the latest CU and SU on a...

ProxyShell Attacks Pummel Unpatched Exchange Servers
Threatpost • Becky Bracken • 23 Aug 2021

Over the weekend, the Cybersecurity & Infrastructure Security Agency (CISA) issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Security Update.
Security researchers at Huntress reported seeing ProxyShell vulnerabilities being actively exploited throughout the month of August to install backdoor access once the ProxyShell e...

GitHub picks Friday 13th to kill off password-based Git authentication
The Register • Chris Williams, Editor in Chief • 12 Aug 2021

Get our weekly newsletter Plus: eBPF Foundation emerges, Exchange severs probed for ProxyShell holes, and more

In brief If your Git operations start failing on Friday, August 13 with GitHub, it may well be because you're still using password authentication – and you need to change that.
In December, the source-code-hosting giant warned it will end password-based authentication for Git pushes and the like. From 1600 UTC (1700 BST, 0900 PST) on Friday, that shutdown will come into effect. As such, you'll need to use authentication tokens to complete your Git operations with GitHub.
"As previo...

What follows Patch Tuesday? Exploit Wednesday. Grab this bumper batch of security updates from Microsoft
The Register • Iain Thomson in San Francisco • 14 Jul 2021

Four flaws already being abused in the wild to compromise victims

Microsoft released an XL-sized bundle of security fixes for its products for this month's Patch Tuesday, and other vendors are close behind in issuing updates.
The Windows goliath's batch for July has 117 patches, 13 for what's said to be critical bugs, 103 important, and one moderate. Normally, we'd encourage you to install these updates, testing them as appropriate prior to deployment, before miscreants develop exploits for them. However, four of these holes are already being exploited i...

Microsoft Crushes 116 Bugs, Three Actively Exploited
Threatpost • Tom Spring • 13 Jul 2021

Three bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as moderate in severity.
Bugs under active attack include a critical scripting engine memory corruption (CVE-2021-34448) flaw and two additional Windows kernel elevation-of-privilege vulnerabilities (CVE-20...

CISA warns admins to urgently patch Exchange ProxyShell bugs
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.
"Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207," CISA
over the weekend.
"CISA strongly urges organizations to identify vulnerable systems on their networks and im...