Vulnerability identifier: #VU54704

Vulnerability risk: Low

CVSSv3.1: 8.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-34523

CWE-ID: CWE-264

Exploitation vector: Local

Exploits in database: 2

• September 7, 2021
  • proxyshell (Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) [Github]
• August 19, 2021
  • Microsoft Exchange ProxyShell RCE [Metasploit]

Impact: Information disclosure and data manipulation

Vulnerable software:
Microsoft Exchange Server
Server applications / Mail servers

Vendor: Microsoft