Multiple vulnerabilities in Microsoft Exchange Server
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2021-26412 CVE-2021-26854 CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065 CVE-2021-27078 |
| CWE-ID | CWE-20 CWE-918 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. Vulnerability #5 is being exploited in the wild. Vulnerability #6 is being exploited in the wild. |
| Vulnerable software Subscribe |
Microsoft Exchange Server Server applications / Mail servers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU51174
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26412
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
External linkshttp://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU51173
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26854
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
External linkshttp://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU51171
Risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-26855
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request to the Microsoft Exchange OWA interface, upload arbitrary file on the server and execute it.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://github.com/microsoft/CSS-Exchange/tree/main/Security
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Input validation error
EUVDB-ID: #VU51170
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-26857
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
5) Input validation error
EUVDB-ID: #VU51169
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-26858
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
6) Input validation error
EUVDB-ID: #VU51168
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-27065
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
7) Input validation error
EUVDB-ID: #VU51172
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27078
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
External linkshttp://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
