CVE-2021-26855

Description from NVD

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

Information Acquisition Date:2021-04-27T11:07Z

CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
source:MISC
tags:Patch Vendor Advisory

http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html
source:MISC
tags:Exploit Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html
source:MISC
tags:Exploit Third Party Advisory

This vulnerability may involve a PoC.

Description from Forti

Microsoft Exchange Server Remote Code Execution Vulnerability

This indicates an attack attempt to exploit a Remote Code Execution in Microsoft Exchange Server.The vulnerability is due to insufficient sanitization when handling a malicious request. A remote attacker may be able to exploit this to disclose data or execute arbitrary code within the context of the application, via a crafted HTTP request.

Information Acquisition Date:2021/03/25

Affected Products

Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag: Exchange(1 tweets)

List of frequently cited URLs

URL	Num of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE-2021	1075
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...	233
https://cvetrends.com	61
https://lists.astaro.com/ASGV9-IPS-rules.html	14
https://vfeed.io	8
https://www.praetorian.com/blog/reproducing-proxylogon-expl...	8
https://testbnull.medium.com/ph%C3%A2n-t%C3%ADch-l%E1%BB%97...	8
http://t.me/gobies	7
https://www.ipa.go.jp/security/ciadr/vul/20210303-ms.html	7
https://msrc-blog.microsoft.com/2021/03/02/multiple-securit...	6
https://ift.tt/3qcSqSC	5
https://github.com/GossiTheDog/scanning/blob/main/http-vuln...	5
http://travaux.ovh.net/?do=details&id=49352	5
https://paper.seebug.org/1501/	5
https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-...	4
http://emm.newsbrief.eu/NewsBrief	4
https://www.volexity.com/blog/2021/03/02/active-exploitatio...	4
https://blog.netlab.360.com/microsoft-exchange-vulnerabilit...	4
http://feedproxy.google.com/~r/Snort/~3/-LloCeZ-tNg/snort-r...	4
https://www.helpnetsecurity.com/2021/03/16/microsoft-exchan...	4
https://<	3
http://ow.ly/Oh5250E3etC	3
https://aka.ms/ddm	3
https://kas.pr/468f	3
https://gitlab.com/gvillegas/ohwaa	3
http://target.com	3
https://twitter.com/search?src=sprv&q=CVE-2021-26855	3
https://cyber.dhs.gov/ed/21-02/	3
https://proxylogon.com/	3
https://securelist.com/zero-day-vulnerabilities-in-microsof...	3
https://web.archive.org/web/20210310164403/https://gist.git...	3
https://www.microsoft.com/security/blog/2021/03/02/hafnium-...	3
https://bi-zone.medium.com/hunting-down-ms-exchange-attacks...	3
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2...	3
https://blog.cloudflare.com/protecting-against-microsoft-ex...	3
https://www.securityweek.com/microsoft-ships-one-click-miti...	3
https://www.bleepingcomputer.com/news/security/microsoft-de...	3
https://ipssignatures.appspot.com/?cve=CVE-2021-26855	3
https://telltale.kryptoslogic.com	3
https://techcommunity.microsoft.com/t5/exchange-team-blog/r...	3

Information from Twitter

User	URL	Info Source	Date
No Data

List of frequently cited URLs

URL	Num of Times Referred to
vulmon.com	1075
alerts.vulmon.com	233
cvetrends.com	61
lists.astaro.com	14
vfeed.io	8
www.praetorian.com	8
testbnull.medium.com	8
t.me	7
www.ipa.go.jp	7
msrc-blog.microsoft.com	6
ift.tt	5
github.com	5
travaux.ovh.net	5
paper.seebug.org	5
www.tenable.com	4
emm.newsbrief.eu	4
www.volexity.com	4
blog.netlab.360.com	4
feedproxy.google.com	4
www.helpnetsecurity.com	4
<	3
ow.ly	3
aka.ms	3
kas.pr	3
gitlab.com	3
target.com	3
twitter.com	3
cyber.dhs.gov	3
proxylogon.com	3
securelist.com	3
web.archive.org	3
www.microsoft.com	3
bi-zone.medium.com	3
msrc.microsoft.com	3
blog.cloudflare.com	3
www.securityweek.com	3
www.bleepingcomputer.com	3
ipssignatures.appspot.com	3
telltale.kryptoslogic.com	3
techcommunity.microsoft.com	3

Information from Twitter

User	URL	Info Source
No Data

GitHub Search Results: Up to 10

Name	URL
charlottelatest/CVE-2021-26855	https://github.com/charlottelatest/CVE-2021-26855
h4x0r-dz/CVE-2021-26855	https://github.com/h4x0r-dz/CVE-2021-26855
hackerschoice/CVE-2021-26855	https://github.com/hackerschoice/CVE-2021-26855
alt3kx/CVE-2021-26855_PoC	https://github.com/alt3kx/CVE-2021-26855_PoC
p0wershe11/ProxyLogon	https://github.com/p0wershe11/ProxyLogon
herwonowr/exprolog	https://github.com/herwonowr/exprolog
cert-lv/exchange_webshell_detection	https://github.com/cert-lv/exchange_webshell_detection
srvaccount/CVE-2021-26855-PoC	https://github.com/srvaccount/CVE-2021-26855-PoC
ZephrFish/Exch-CVE-2021-26855	https://github.com/ZephrFish/Exch-CVE-2021-26855
pussycat0x/CVE-2021-26855-SSRF	https://github.com/pussycat0x/CVE-2021-26855-SSRF

GitHub Search Results: Up to 10

Name	URL
charlottelatest/CVE-2021-26855	github.com
h4x0r-dz/CVE-2021-26855	github.com
hackerschoice/CVE-2021-26855	github.com
alt3kx/CVE-2021-26855_PoC	github.com
p0wershe11/ProxyLogon	github.com
herwonowr/exprolog	github.com
cert-lv/exchange_webshell_detection	github.com
srvaccount/CVE-2021-26855-PoC	github.com
ZephrFish/Exch-CVE-2021-26855	github.com
pussycat0x/CVE-2021-26855-SSRF	github.com

2023/04/12 Score : 0
Added Har-sia Database : 2021/03/03
Last Modified : 2023/04/12
Highest Scored Date : 2021/03/03
Highest Score : 87