Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2021-26412 CVE-2021-26854 CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065 CVE-2021-27078 |
CWE-ID | CWE-20 CWE-918 |
Exploitation vector | Network |
Public exploit |
Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. Vulnerability #5 is being exploited in the wild. Vulnerability #6 is being exploited in the wild. |
Vulnerable software |
Microsoft Exchange Server Server applications / Mail servers |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU51174
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26412
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
CPE2.3http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51173
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26854
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
CPE2.3http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51171
Risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-26855
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request to the Microsoft Exchange OWA interface, upload arbitrary file on the server and execute it.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
CPE2.3http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://github.com/microsoft/CSS-Exchange/tree/main/Security
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU51170
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-26857
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
CPE2.3http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU51169
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-26858
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
CPE2.3http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU51168
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-27065
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
CPE2.3http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065
http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU51172
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27078
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2013 Cumulative Update 1 15.00.0712.024 - 2019 RTM 15.02.0221.012
CPE2.3http://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.