VDB
CVE-2021-31196
CVE-2021-31196
PUBLISHED
KEV
In Microsoft Exchange Server 2013, Microsoft Exchange Server 2016 und Microsoft Exchange Server 2019 existieren mehrere nicht näher beschriebene Schwachstellen. Ein Angreifer kann dies ausnutzen, um beliebigen Code auszuführen, um seine Privilegien zu erhöhen und um Informationen offenzulegen. Einige dieser Schwachstellen können von einem entfernten, anonymen Angreifer ausgenutzt werden. Die Ausnutzung einiger dieser Schwachstellen erfordert keine Nutzer-Interaktion.
EPSS 3.34% · 87.6th percentile
Risk Scores
EPSS Score
3.34%
87.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 8 | |
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Exploit Intelligence
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- [ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains. (github-poc-repo)
- https://www.rapid7.com/blog/post/2021/08/12/proxyshell-more-widespread-exploitation-of-microsoft-exchange-servers/ (certbund)
- https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog (certbund)
- exploit_cve_2021_33766_proxytoken.yar (github-yara)
…and 132 more exploits
Timeline
- Jul 13, 2021 CVE Published
- Jul 15, 2021 EPSS Score
- Sep 10, 2021 EPSS Score
- Sep 23, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Dec 11, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Apr 5, 2024 PoC Published
- Jul 14, 2024 PoC Published
- Jul 17, 2024 PoC Published
- Aug 21, 2024 CISA KEV Added
- Aug 21, 2024 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2024-1897.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1897 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://www.rapid7.com/blog/post/2021/08/12/proxyshell-more-widespread-exploitation-of-microsoft-exchange-servers/ exploit
- https://thehackernews.com/2021/08/new-microsoft-exchange-proxytoken-flaw.html advisory
- https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog exploit