Vulnerability Details CVE-2021-26855
Microsoft Exchange Server Remote Code Execution Vulnerability
Exploit prediction scoring system (EPSS) score
EPSS Score 0.943
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 7.5
Proposed Action
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html
- http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html
- http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
- http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html
- http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html
- http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
Products affected by CVE-2021-26855
-
cpe:2.3:a:microsoft:exchange_server:2013
-
cpe:2.3:a:microsoft:exchange_server:2016
-
cpe:2.3:a:microsoft:exchange_server:2019