Microsoft Exchange - Remote Code Execution (ProxyNotFound - CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
Microsoft Exchange is vulnerable to the ProxyNotFound attack chain, a Remote Code Execution vulnerability affecting the ecp endpoint that an unauthenticated attacker can use to execute commands on the server. CVE-2021-28480 and CVE-2021-28481 are pre-authentication vulnerabilities, and CVE-2021-28482 and CVE-2021-28483 are post-authentication vulnerabilities.
- Risk description
A remote unauthenticated attacker can fully compromise the Exchange server in order to steal confidential information, install ransomware or pivot to the internal network.
- Recommendation
Upgrade the Exchange server to the latest version or to the following cumulative updates:
Microsoft Exchange Server 2019 - Cumulative Update 9
Microsoft Exchange Server 2019 - Cumulative Update 8
Microsoft Exchange Server 2016 - Cumulative Update 20
Microsoft Exchange Server 2016 - Cumulative Update 19
Microsoft Exchange Server 2013 - Cumulative Update 23
- References
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28480
https://support.microsoft.com/help/5001779
- Codename
- ProxyNotFound
- Detectable with
- Network Scanner
- Exploitable with Sniper
- No
- Vuln date
- Apr 2021
- Published at
- Updated at
- Software Type
- Email server
- Vendor
- Microsoft
- Product
- Exchange Server