Microsoft Exchange - Remote Code Execution (ProxyNotFound - CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483) (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483)

Name: Microsoft Exchange - Remote Code Execution (ProxyNotFound - CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483) (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483)
Published: 2021-05-12T00:00:00.000Z

Severity
CVSSv3 Score: 9.8
CVE: CVE-2021-28480 CVE-2021-28481 CVE-2021-28482 CVE-2021-28483

Vulnerability description: Microsoft Exchange is vulnerable to the ProxyNotFound attack chain, a Remote Code Execution vulnerability, affecting the ecp endpoint, that can be used by an unauthenticated malicious attacker to execute commands on the server. CVE-2021-28480 and CVE-28481 are pre-authentication vulnerabilities, and CVE-2021-28482 and CVE-28483 are post-authgentication vulnerabilities.
Risk description: The risk exists that a remote unauthenticated attacker can fully compromise the Exchange server in order to steal confidential information, install ransomware or pivot to the internal network.
Recommendation: Upgrade the Exchange server to the latest version or to the following cumulative updates: Microsoft Exchange Server 2019 - Cumulative Update 9 Microsoft Exchange Server 2019 - Cumulative Update 8 Microsoft Exchange Server 2016 - Cumulative Update 20 Microsoft Exchange Server 2016 - Cumulative Update 19 Microsoft Exchange Server 2013 - Cumulative Update 23
References: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28480
https://support.microsoft.com/help/5001779
Codename: ProxyNotFound

Detectable with: Network Scanner
Exploitable with Sniper: No
Vuln date: Apr 2021
Published at: May 2021
Updated at: May 2021
Software Type: Email server
Vendor: Microsoft
Product: Exchange Server