CVE-2021-31207

Microsoft Exchange Server Security Feature Bypass Vulnerability

CVSS 6.6 MEDIUM | EPSS 99.8% | KEV | CWE-434

In short

A security feature in Microsoft Exchange Server can be bypassed, allowing attackers to upload and execute malicious files on the server. This vulnerability undermines the server's built-in protections designed to prevent such attacks.

Technical detail

A CWE-434 (Unrestricted File Upload) vulnerability in Microsoft Exchange Server allows authenticated or semi-authenticated attackers to bypass file upload restrictions and execute arbitrary code. Exploitation requires access to Exchange services, but it circumvents the validation mechanisms that normally prevent dangerous file uploads.

Summary generated and translated by AI from the official description.
Microsoft Exchange Server Security Feature Bypass Vulnerability
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C