← volver
CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS 9.1 CRITICALEPSS 100.0%● KEVCWE-918
En resumen

Una vulnerabilidad crítica en Microsoft Exchange Server permite que atacantes ejecuten código malicioso de forma remota en servidores afectados. Un atacante puede explotar esta falla para obtener control total del sistema de correo electrónico sin necesidad de credenciales válidas.

Detalle técnico

Esta vulnerabilidad de Server-Side Request Forgery (SSRF) en el servicio Autodiscover de Exchange Server permite que atacantes no autenticados ejecuten código arbitrario mediante solicitudes HTTP maliciosas que eludan controles de autenticación. La vulnerabilidad permite ejecución de código remoto con privilegios SYSTEM, afectando todas las versiones de Exchange Server 2013, 2016 y 2019 en configuraciones predeterminadas.

Resumen generado y traducido por IA a partir de la descripción oficial.
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C
Productos afectados
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 21Microsoft · Microsoft Exchange Server 2013 Cumulative Update 22Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23Microsoft · Microsoft Exchange Server 2016 Cumulative Update 10Microsoft · Microsoft Exchange Server 2016 Cumulative Update 11Microsoft · Microsoft Exchange Server 2016 Cumulative Update 12Microsoft · Microsoft Exchange Server 2016 Cumulative Update 13Microsoft · Microsoft Exchange Server 2016 Cumulative Update 14Microsoft · Microsoft Exchange Server 2016 Cumulative Update 15Microsoft · Microsoft Exchange Server 2016 Cumulative Update 16Microsoft · Microsoft Exchange Server 2016 Cumulative Update 17Microsoft · Microsoft Exchange Server 2016 Cumulative Update 18Microsoft · Microsoft Exchange Server 2016 Cumulative Update 19Microsoft · Microsoft Exchange Server 2016 Cumulative Update 8Microsoft · Microsoft Exchange Server 2016 Cumulative Update 9Microsoft · Microsoft Exchange Server 2019Microsoft · Microsoft Exchange Server 2019 Cumulative Update 1Microsoft · Microsoft Exchange Server 2019 Cumulative Update 2Microsoft · Microsoft Exchange Server 2019 Cumulative Update 3Microsoft · Microsoft Exchange Server 2019 Cumulative Update 4Microsoft · Microsoft Exchange Server 2019 Cumulative Update 5Microsoft · Microsoft Exchange Server 2019 Cumulative Update 6Microsoft · Microsoft Exchange Server 2019 Cumulative Update 7Microsoft · Microsoft Exchange Server 2019 Cumulative Update 8
PoCs públicas encontradas57
githubgithub.com/Flangvik/SharpProxyLogon249githubgithub.com/hosch3n/ProxyVulns177githubgithub.com/dwisiswant0/proxylogscan164githubgithub.com/p0wershe11/ProxyLogon124githubgithub.com/h4x0r-dz/CVE-2021-26855100githubgithub.com/cert-lv/exchange_webshell_detection99githubgithub.com/hackerschoice/CVE-2021-2685560githubgithub.com/alt3kx/CVE-2021-26855_PoC53githubgithub.com/praetorian-inc/proxylogon-exploit51githubgithub.com/conjojo/Microsoft_Exchange_Server_SSRF_CVE-2021-2685536githubgithub.com/RickGeex/ProxyLogon32githubgithub.com/ZephrFish/Exch-CVE-2021-2685529githubgithub.com/evilashz/ExchangeSSRFtoRCEExploit28githubgithub.com/pussycat0x/CVE-2021-26855-SSRF23githubgithub.com/hakivvi/proxylogon22githubgithub.com/soteria-security/HAFNIUM-IOC22githubgithub.com/srvaccount/CVE-2021-26855-PoC17githubgithub.com/r0xDB/CVE-2021-2685512githubgithub.com/kh4sh3i/ProxyLogon9githubgithub.com/mil1200/ProxyLogon-CVE-2021-268559githubgithub.com/thau0x01/poc_proxylogon8githubgithub.com/La3B0z/CVE-2021-26855-SSRF-Exchange6githubgithub.com/Mr-xn/CVE-2021-26855-d6githubgithub.com/sgnls/exchange-0days-2021035githubgithub.com/hackerxj007/CVE-2021-268555githubgithub.com/SCS-Labs/HAFNIUM-Microsoft-Exchange-0day5githubgithub.com/mekhalleh/exchange_proxylogon4githubgithub.com/ZephrFish/Exch-CVE-2021-26855_Priv4githubgithub.com/Yt1g3r/CVE-2021-26855_SSRF4githubgithub.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit4githubgithub.com/ssrsec/Microsoft-Exchange-RCE3githubgithub.com/KotSec/CVE-2021-26855-Scanner3githubgithub.com/Immersive-Labs-Sec/ProxyLogon3githubgithub.com/glen-pearson/ProxyLogon-CVE-2021-268551githubgithub.com/timb-machine-mirrors/testanull-CVE-2021-26855_read_poc.txt0githubgithub.com/mauricelambert/ExchangeWeaknessTest0githubgithub.com/DCScoder/Exchange_IOC_Hunter0githubgithub.com/antichown/Scan-Vuln-CVE-2021-268550githubgithub.com/catmandx/CVE-2021-26855-Exchange-RCE0githubgithub.com/hictf/CVE-2021-26855-CVE-2021-270650githubgithub.com/haotiku/CVE-2021-26855-exploit-Exchange0githubgithub.com/Nick-Yin12/1063625220githubgithub.com/yaoxiaoangry3/Flangvik0githubgithub.com/1342486672/Flangvik0githubgithub.com/TheDudeD6/ExchangeSmash0githubgithub.com/ShyTangerine/cve-2021-268550githubgithub.com/Wercd/CVE-2021-268550githubgithub.com/SimoesCTT/CTT-ProxyLogon-RCE-v1.0---Convergent-Time-Theory-Enhanced-Microsoft-Exchange-Exploit0githubgithub.com/SimoesCTT/CTT-Exchange-RCE-v1.0---Microsoft-Exchange-Exploit-CVSS-10.0-CRITICAL-CVE-2021-26855-CVE-2021-270650cve_referencepacketstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49637no verificadoexploitdbwww.exploit-db.com/exploits/49879no verificadoexploitdbwww.exploit-db.com/exploits/49895no verificadocve_referencepacketstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.htmlno verificadocve_referencepacketstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.htmlno verificadocve_referencepacketstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49663no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.htmlhttp://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.htmlhttp://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26855