This article has been indexed from Threat Research Blog
In August 2021, Mandiant Managed Defense identified and responded to
the exploitation of a chain of vulnerabilities known as ProxyShell.
The ProxyShell vulnerabilities consist of three CVEs
(CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting the
following versions of on-premises Microsoft Exchange Servers.
- Exchange Server 2013 (Cumulative Update 23 and below)
- Exchange Server 2016 (Cumulative Update 20 and below)
- Exchange Server 2019 (Cumulative Update 9 and below)
The vulnerabilities are being tracked in the following CVEs:
CVE |
Risk Rating |
Access Vector |
Exploitability |
Ease of Attack |
Mandiant Intel |
CVE-2021-34473 |
High |
Network |
Functional |
Easy |
|
CVE-2021-34523 |
Low |
Local |
Functional |
Easy |
|
CVE-2021-31207 |
Medium |
Network |
Functional |
Easy |
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers