Microsoft Exchange - Remote Code Execution (ProxyNotFound - CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483)

Severity
CVSSv3 Score
9.8
Vulnerability description

Microsoft Exchange is vulnerable to the ProxyNotFound attack chain, a Remote Code Execution vulnerability affecting the ecp endpoint that an unauthenticated attacker can use to execute commands on the server. CVE-2021-28480 and CVE-2021-28481 are pre-authentication vulnerabilities, and CVE-2021-28482 and CVE-2021-28483 are post-authentication vulnerabilities.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the Exchange server in order to steal confidential information, install ransomware or pivot to the internal network.

Recommendation

Upgrade the Exchange server to the latest version or to the following cumulative updates:
Microsoft Exchange Server 2019 - Cumulative Update 9
Microsoft Exchange Server 2019 - Cumulative Update 8
Microsoft Exchange Server 2016 - Cumulative Update 20
Microsoft Exchange Server 2016 - Cumulative Update 19
Microsoft Exchange Server 2013 - Cumulative Update 23

Codename
ProxyNotFound
Detectable with
Network Scanner
Exploitable with Sniper
No
Vuln date
Apr 2021
Published at
Updated at
Software Type
Email server
Vendor
Microsoft
Product
Exchange Server