CVE-2021-26855
Microsoft Exchange Server Remote Code Execution Vulnerability
In short
A critical vulnerability in Microsoft Exchange Server allows attackers to execute malicious code remotely on affected servers. An attacker can exploit this flaw to gain full control of the email system without needing valid credentials.
Technical detail
This Server-Side Request Forgery (SSRF) vulnerability in Exchange Server's Autodiscover service allows unauthenticated attackers to execute arbitrary code by crafting malicious HTTP requests that bypass authentication controls. The vulnerability permits remote code execution with SYSTEM privileges, affecting all versions of Exchange Server 2013, 2016, and 2019 in default configurations.
Summary generated and translated by AI from the official description.
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 21Microsoft · Microsoft Exchange Server 2013 Cumulative Update 22Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23Microsoft · Microsoft Exchange Server 2016 Cumulative Update 10Microsoft · Microsoft Exchange Server 2016 Cumulative Update 11Microsoft · Microsoft Exchange Server 2016 Cumulative Update 12Microsoft · Microsoft Exchange Server 2016 Cumulative Update 13Microsoft · Microsoft Exchange Server 2016 Cumulative Update 14Microsoft · Microsoft Exchange Server 2016 Cumulative Update 15Microsoft · Microsoft Exchange Server 2016 Cumulative Update 16Microsoft · Microsoft Exchange Server 2016 Cumulative Update 17Microsoft · Microsoft Exchange Server 2016 Cumulative Update 18Microsoft · Microsoft Exchange Server 2016 Cumulative Update 19Microsoft · Microsoft Exchange Server 2016 Cumulative Update 8Microsoft · Microsoft Exchange Server 2016 Cumulative Update 9Microsoft · Microsoft Exchange Server 2019Microsoft · Microsoft Exchange Server 2019 Cumulative Update 1Microsoft · Microsoft Exchange Server 2019 Cumulative Update 2Microsoft · Microsoft Exchange Server 2019 Cumulative Update 3Microsoft · Microsoft Exchange Server 2019 Cumulative Update 4Microsoft · Microsoft Exchange Server 2019 Cumulative Update 5Microsoft · Microsoft Exchange Server 2019 Cumulative Update 6Microsoft · Microsoft Exchange Server 2019 Cumulative Update 7Microsoft · Microsoft Exchange Server 2019 Cumulative Update 8public PoCs found — 57
githubgithub.com/Flangvik/SharpProxyLogon★ 249githubgithub.com/hosch3n/ProxyVulns★ 177githubgithub.com/dwisiswant0/proxylogscan★ 164githubgithub.com/p0wershe11/ProxyLogon★ 124githubgithub.com/h4x0r-dz/CVE-2021-26855★ 100githubgithub.com/cert-lv/exchange_webshell_detection★ 99githubgithub.com/hackerschoice/CVE-2021-26855★ 60githubgithub.com/alt3kx/CVE-2021-26855_PoC★ 53githubgithub.com/praetorian-inc/proxylogon-exploit★ 51githubgithub.com/conjojo/Microsoft_Exchange_Server_SSRF_CVE-2021-26855★ 36githubgithub.com/RickGeex/ProxyLogon★ 32githubgithub.com/ZephrFish/Exch-CVE-2021-26855★ 29githubgithub.com/evilashz/ExchangeSSRFtoRCEExploit★ 28githubgithub.com/pussycat0x/CVE-2021-26855-SSRF★ 23githubgithub.com/hakivvi/proxylogon★ 22githubgithub.com/soteria-security/HAFNIUM-IOC★ 22githubgithub.com/srvaccount/CVE-2021-26855-PoC★ 17githubgithub.com/r0xDB/CVE-2021-26855★ 12githubgithub.com/kh4sh3i/ProxyLogon★ 9githubgithub.com/mil1200/ProxyLogon-CVE-2021-26855★ 9githubgithub.com/thau0x01/poc_proxylogon★ 8githubgithub.com/La3B0z/CVE-2021-26855-SSRF-Exchange★ 6githubgithub.com/Mr-xn/CVE-2021-26855-d★ 6githubgithub.com/sgnls/exchange-0days-202103★ 5githubgithub.com/hackerxj007/CVE-2021-26855★ 5githubgithub.com/SCS-Labs/HAFNIUM-Microsoft-Exchange-0day★ 5githubgithub.com/mekhalleh/exchange_proxylogon★ 4githubgithub.com/ZephrFish/Exch-CVE-2021-26855_Priv★ 4githubgithub.com/Yt1g3r/CVE-2021-26855_SSRF★ 4githubgithub.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit★ 4githubgithub.com/ssrsec/Microsoft-Exchange-RCE★ 3githubgithub.com/KotSec/CVE-2021-26855-Scanner★ 3githubgithub.com/Immersive-Labs-Sec/ProxyLogon★ 3githubgithub.com/glen-pearson/ProxyLogon-CVE-2021-26855★ 1githubgithub.com/timb-machine-mirrors/testanull-CVE-2021-26855_read_poc.txt★ 0githubgithub.com/mauricelambert/ExchangeWeaknessTest★ 0githubgithub.com/DCScoder/Exchange_IOC_Hunter★ 0githubgithub.com/antichown/Scan-Vuln-CVE-2021-26855★ 0githubgithub.com/catmandx/CVE-2021-26855-Exchange-RCE★ 0githubgithub.com/hictf/CVE-2021-26855-CVE-2021-27065★ 0githubgithub.com/haotiku/CVE-2021-26855-exploit-Exchange★ 0githubgithub.com/Nick-Yin12/106362522★ 0githubgithub.com/yaoxiaoangry3/Flangvik★ 0githubgithub.com/1342486672/Flangvik★ 0githubgithub.com/TheDudeD6/ExchangeSmash★ 0githubgithub.com/ShyTangerine/cve-2021-26855★ 0githubgithub.com/Wercd/CVE-2021-26855★ 0githubgithub.com/SimoesCTT/CTT-ProxyLogon-RCE-v1.0---Convergent-Time-Theory-Enhanced-Microsoft-Exchange-Exploit★ 0githubgithub.com/SimoesCTT/CTT-Exchange-RCE-v1.0---Microsoft-Exchange-Exploit-CVSS-10.0-CRITICAL-CVE-2021-26855-CVE-2021-27065★ 0cve_referencepacketstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49637unverifiedexploitdbwww.exploit-db.com/exploits/49879unverifiedexploitdbwww.exploit-db.com/exploits/49895unverifiedcve_referencepacketstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.htmlunverifiedcve_referencepacketstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.htmlunverifiedcve_referencepacketstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49663unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.htmlhttp://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.htmlhttp://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26855