VDB
BDU%3A2021-02608
BDU%3A2021-02608
PUBLISHED
CVSS 7.599999904632568 HIGH
Уязвимость почтового сервера Microsoft Exchange Server, связанная с ошибками в настройках безопасности, позволяющая нарушителю выполнить произвольный код с привилегиями SYSTEM
Risk Scores
CVSS 2.0
7.599999904632568
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft Corp | Microsoft Exchange Server |
Exploit Intelligence
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207 (github-poc-repo)
- apt35_rules.yar (github-yara)
- ProxyShell.yara (github-yara)
- risk_calculator.cpp (github-poc)
- risk_calculator.cpp (github-poc)
- kev.json (github-poc)
- data.js (github-poc)
- Invoke-AnalyzerSecurityCveCheck.ps1 (github-poc)
Timeline
- May 20, 2021 CVE Published
- Oct 21, 2023 PoC Published
- Sep 24, 2024 CVE Updated
- Oct 1, 2025 PoC Published
- Mar 19, 2026 Security Advisory
References
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-31207 url
- https://www.cybersecurity-help.cz/vdb/SB2021051112 url
- https://www.zerodayinitiative.com/advisories/ZDI-21-819/ url
- https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv url