module
Microsoft Exchange ProxyLogon Scanner
| Disclosed |
|---|
| Mar 2, 2021 |
Disclosed
Mar 2, 2021
Description
This module scan for a vulnerability on Microsoft Exchange Server that
allows an attacker bypassing the authentication and impersonating as the
admin (CVE-2021-26855).
By chaining this bug with another post-auth arbitrary-file-write
vulnerability to get code execution (CVE-2021-27065).
As a result, an unauthenticated attacker can execute arbitrary commands on
Microsoft Exchange Server.
This vulnerability affects (Exchange 2013 Versions
Exchange 2016 CU18 Exchange 2019 CU7
All components are vulnerable by default.
allows an attacker bypassing the authentication and impersonating as the
admin (CVE-2021-26855).
By chaining this bug with another post-auth arbitrary-file-write
vulnerability to get code execution (CVE-2021-27065).
As a result, an unauthenticated attacker can execute arbitrary commands on
Microsoft Exchange Server.
This vulnerability affects (Exchange 2013 Versions
Exchange 2016 CU18 Exchange 2019 CU7
All components are vulnerable by default.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.