CVE-2021-41349 – Microsoft Exchange Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-41349
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is different from CVE-2021-42305. • https://github.com/exploit-io/CVE-2021-41349 https://github.com/0xrobiul/CVE-2021-41349 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349 •
CVE-2021-26427 – Microsoft Exchange Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26427
Microsoft Exchange Server Remote Code Execution Vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427 •
CVE-2021-34523 – Microsoft Exchange Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34523
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-33768, CVE-2021-34470. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the PowerShell service. The issue results from the lack of proper validation of an access token prior to executing the Exchange PowerShell command. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. • https://github.com/SUPRAAA-1337/CVE-2021-34523 http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523 https://www.zerodayinitiative.com/advisories/ZDI-21-822 • CWE-287: Improper Authentication •
CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is different from CVE-2021-31196, CVE-2021-31206. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. • https://github.com/p2-98/CVE-2021-34473 https://github.com/je6k/CVE-2021-34473-Exchange-ProxyShell https://github.com/RaouzRouik/CVE-2021-34473-scanner https://github.com/ipsBruno/CVE-2021-34473-NMAP-SCANNER https://github.com/jrgdiaz/ProxyShell-CVE-2021-34473.py http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34473 https://www.zerodayinitiative.com/advisories/ZDI-21-82 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-34470 – Microsoft Exchange Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-34470
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-33768, CVE-2021-34523. The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object, including users, groups or domain trusts, leading to elevation of privilege. • http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470 •