module
Microsoft Exchange ProxyLogon RCE
| Disclosed | Created |
|---|---|
| Mar 2, 2021 | Mar 23, 2021 |
Disclosed
Mar 2, 2021
Created
Mar 23, 2021
Description
This module exploit a vulnerability on Microsoft Exchange Server that
allows an attacker bypassing the authentication, impersonating as the
admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get
the RCE (Remote Code Execution).
By taking advantage of this vulnerability, you can execute arbitrary
commands on the remote Microsoft Exchange Server.
This vulnerability affects (Exchange 2013 Versions
Exchange 2016 CU18 Exchange 2019 CU7
All components are vulnerable by default.
allows an attacker bypassing the authentication, impersonating as the
admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get
the RCE (Remote Code Execution).
By taking advantage of this vulnerability, you can execute arbitrary
commands on the remote Microsoft Exchange Server.
This vulnerability affects (Exchange 2013 Versions
Exchange 2016 CU18 Exchange 2019 CU7
All components are vulnerable by default.
Authors
Orange Tsai
Jang ( Jang (@testanull)
mekhalleh (RAMELLA Sébastien)
print("")
lotusdll
Praetorian
Jang ( Jang (@testanull)
mekhalleh (RAMELLA Sébastien)
print("")
lotusdll
Praetorian
Platform
Windows
Architectures
x64, x86, cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.