Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Very High

CVE-2021-34473

Disclosure Date: July 14, 2021 (last updated July 20, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
Attacker Value
Very High

ProxyShell Exploit Chain

Last updated August 20, 2021
ProxyShell is an exploit chain targeting on-premise installations of Microsoft Exchange Server. It was demonstrated by Orange Tsai at Pwn2Own in April 2021 and is comprised of three CVEs that, when chained, allow a remote unauthenticated attacker to execute arbitrary code on vulnerable targets. The three CVEs are CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Details are available in Orange Tsai's [Black Hat USA 2020 talk](https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-ProxyLogon-Is-Just-The-Tip-Of-The-Iceberg-A-New-Attack-Surface-On-Microsoft-Exchange-Server.pdf) and follow-on [blog series](https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html). ProxyShell is being broadly exploited in the wild as of August 12, 2021.
9
Attacker Value
Unknown

CVE-2021-31206

Disclosure Date: July 14, 2021 (last updated September 21, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-34473.
Attacker Value
Unknown

CVE-2021-31196

Disclosure Date: July 14, 2021 (last updated July 17, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31206, CVE-2021-34473.