CVE-2021-27065

Description from NVD

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.

Information Acquisition Date:2021-04-27T11:07Z
CVSS 2.0: 6.8 MEDIUM CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD References

 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    

This vulnerability may involve a PoC.

Description from Forti

Microsoft Exchange Server Remote Code Execution Vulnerability

This indicates an attack attempt to exploit a Remote Code Execution in Microsoft Exchange Server.The vulnerability is due to insufficient sanitization when handling a malicious request. A remote attacker may be able to exploit this to disclose data or execute arbitrary code within the context of the application, via a crafted HTTP request.

Information Acquisition Date:2021/03/13

Affected Products

Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Exchange(1 tweets) Oracle(1 tweets)

List of frequently cited URLs

URLNum of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE-20211075
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...161
https://lists.astaro.com/ASGV9-IPS-rules.html14
https://gitlab.com/gvillegas/ohwaa12
https://www.praetorian.com/blog/reproducing-proxylogon-expl...8
https://testbnull.medium.com/ph%C3%A2n-t%C3%ADch-l%E1%BB%97...8
http://t.me/gobies7
https://github.com/GossiTheDog/scanning/blob/main/http-vuln...7
https://msrc-blog.microsoft.com/2021/03/02/multiple-securit...6
http://travaux.ovh.net/?do=details&id=493525
https://paper.seebug.org/1501/5
https://twitter.com/search?src=sprv&q=CVE-2021-270654
https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-...4
http://feedproxy.google.com/~r/Snort/~3/-LloCeZ-tNg/snort-r...4
https://ipssignatures.appspot.com/?cve=CVE-2021-270654
https://kas.pr/468f3
https://cyber.dhs.gov/ed/21-02/3
https://proxylogon.com/3
https://securelist.com/black-kingdom-ransomware/102873/3
https://www.microsoft.com/security/blog/2021/03/02/hafnium-...3
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2...3
https://www.proofpoint.com/us/daily-ruleset-update-summary-...3
https://blog.cloudflare.com/protecting-against-microsoft-ex...3
https://techcommunity.microsoft.com/t5/exchange-team-blog/r...3

Information from Twitter

User URL Info Source Date
pareshborkar https://lnkd.in/dHSw2gnH Source pareshborkar     1604132754639458304 2022/12/18

List of frequently cited URLs

URLNum of Times Referred to
vulmon.com1075
alerts.vulmon.com161
lists.astaro.com14
gitlab.com12
www.praetorian.com8
testbnull.medium.com8
t.me7
github.com7
msrc-blog.microsoft.com6
travaux.ovh.net5
paper.seebug.org5
twitter.com4
www.tenable.com4
feedproxy.google.com4
ipssignatures.appspot.com4
kas.pr3
cyber.dhs.gov3
proxylogon.com3
securelist.com3
www.microsoft.com3
msrc.microsoft.com3
www.proofpoint.com3
blog.cloudflare.com3
techcommunity.microsoft.com3

Information from Twitter

User URL Info Source
pareshborkar lnkd.in Show Tweet
GitHub Search Results: Up to 10
NameURL
cert-lv/exchange_webshell_detection https://github.com/cert-lv/exchange_webshell_detection
p0wershe11/ProxyLogon https://github.com/p0wershe11/ProxyLogon
herwonowr/exprolog https://github.com/herwonowr/exprolog
sgnls/exchange-0days-202103 https://github.com/sgnls/exchange-0days-202103
adamrpostjr/cve-2021-27065 https://github.com/adamrpostjr/cve-2021-27065
Udyz/Proxylogon https://github.com/Udyz/Proxylogon
WiredPulse/Invoke-HAFNIUMCheck.ps1 https://github.com/WiredPulse/Invoke-HAFNIUMCheck.ps1
dwisiswant0/proxylogscan https://github.com/dwisiswant0/proxylogscan
praetorian-inc/proxylogon-exploit https://github.com/praetorian-inc/proxylogon-exploit
SCS-Labs/HAFNIUM-Microsoft-Exchange-0day https://github.com/SCS-Labs/HAFNIUM-Microsoft-Exchange-0day
GitHub Search Results: Up to 10
NameURL
cert-lv/exchange_webshell_detection github.com
p0wershe11/ProxyLogon github.com
herwonowr/exprolog github.com
sgnls/exchange-0days-202103 github.com
adamrpostjr/cve-2021-27065 github.com
Udyz/Proxylogon github.com
WiredPulse/Invoke-HAFNIUMCheck.ps1 github.com
dwisiswant0/proxylogscan github.com
praetorian-inc/proxylogon-exploit github.com
SCS-Labs/HAFNIUM-Microsoft-Exchange-0day github.com
2023/01/28 Score : 1
Added Har-sia Database : 2021/03/03
Last Modified : 2023/01/28
Highest Scored Date : 2021/03/03
Highest Score : 52