Microsoft Exchange - Remote Code Execution (ProxyLogon - CVE-2021-26855, CVE-2021-27065)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
- Not available
- Risk description
- Not available
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
- Not available
- References
- https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
- Codename
- ProxyLogon
- Detectable with
- Network Scanner
- Scan engine
- Sniper
- Exploitable with Sniper
- Yes
- CVE Published
- Mar 1, 2021
- Detection added at
- Software Type
- Email server
- Vendor
- Microsoft
- Product
- Exchange Server
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.