CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 (ProxyShell) & CVE-2020-0688
Vendor and product: Microsoft Exchange Server
This set of software vulnerabilities, well known to Exchange admins as ProxyShell, combines privilege escalation, security bypass and remote code execution to form one of the nastiest sets of bugs to be exploited in recent years.
According to CISA, successful exploitation enables a threat actor to execute arbitrary code. The bugs reside within the Microsoft Client Access Service (CAS), which usually runs on port 443 in Microsoft Internet Information Services and is commonly exposed to the internet to allow users to access email via mobile devices and web browsers.
CVE-2020-0688, meanwhile, is a separate Exchange Server bug that leads to remote code execution. It exists within the Exchange Control Panel web application.
According to Zero Day Initiative, the product fails to generate a unique cryptographic key at installation, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
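An audit for the CVE-2020-0688 condition, added here as an example and not taken from the article, CISA or Zero Day Initiative: it fingerprints the key found in web.config files collected from several servers and reports any key that more than one installation shares. It assumes the key in question is the ASP.NET `machineKey` `validationKey` attribute in the Exchange Control Panel application's web.config, which the article does not spell out; the host names and key values are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: web.config fragments as they might be collected
# from four servers. Host names and key values are made up for this example.
_TEMPLATE = ('<configuration><system.web><machineKey validationKey="{key}" '
             'validation="SHA1" /></system.web></configuration>')
SAMPLE_CONFIGS = {
    "exch01": _TEMPLATE.format(key="AAAA1111BBBB2222CCCC3333"),
    "exch02": _TEMPLATE.format(key="aaaa1111bbbb2222cccc3333"),  # same key, other case
    "exch03": _TEMPLATE.format(key="0F0F9E9E8D8D7C7C6B6B5A5A"),  # unique to this host
    "exch04": _TEMPLATE.format(key="AutoGenerate,IsolateApps"),  # generated per machine
}

def key_fingerprint(config_xml):
    """Return a short SHA-256 fingerprint of an explicit validationKey, or
    None when the key is absent or generated per machine."""
    node = ET.fromstring(config_xml).find(".//machineKey")
    if node is None:
        return None
    key = node.get("validationKey", "").strip()
    if not key or key.upper().startswith("AUTOGENERATE"):
        return None
    # Hash the normalized key so the report never contains the key itself.
    return hashlib.sha256(key.upper().encode("utf-8")).hexdigest()[:16]

def find_shared_keys(configs):
    """Map fingerprint -> sorted host list for every key seen on 2+ hosts."""
    groups = defaultdict(list)
    for host, xml_text in configs.items():
        fingerprint = key_fingerprint(xml_text)
        if fingerprint is not None:
            groups[fingerprint].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}

if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_CONFIGS).items():
        print(f"validationKey {fp} is shared by: {', '.join(hosts)}")
```

Independently installed servers that report the same fingerprint did not receive a unique key at installation and should be checked against Microsoft's fix for CVE-2020-0688.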