Microsoft Exchange - Remote Code Execution (ProxyLogon - CVE-2021-26855, CVE-2021-27065)

Name: Microsoft Exchange - Remote Code Execution (ProxyLogon - CVE-2021-26855, CVE-2021-27065) (CVE-2021-26855, CVE-2021-27065)
Published: 2021-05-25T00:00:00.000Z

Severity

Vulnerability description: Not available
Risk description: Not available
Exploit capabilities: Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
Recommendation: Not available
References: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855 https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/https://www.exploit-db.com/exploits/49663 https://www.exploit-db.com/exploits/49637 https://www.exploit-db.com/exploits/49879
Codename: ProxyLogon

Detectable with: Network Scanner
Scan engine: Sniper
Exploitable with Sniper: Yes
CVE Published: Mar 1, 2021
Detection added at: May 25, 2021
Software Type: Email server
Vendor: Microsoft
Product: Exchange Server

Detect this vulnerability now!

Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.

Compare paid plans Free access