module
Microsoft Exchange ProxyShell RCE
| Disclosed | Created |
|---|---|
| 04/06/2021 | 08/19/2021 |
Disclosed
04/06/2021
Created
08/19/2021
Description
This module exploits a vulnerability on Microsoft Exchange Server that
allows an attacker to bypass the authentication (CVE-2021-31207), impersonate an
arbitrary user (CVE-2021-34523) and write an arbitrary file (CVE-2021-34473) to achieve
the RCE (Remote Code Execution).
By taking advantage of this vulnerability, you can execute arbitrary
commands on the remote Microsoft Exchange Server.
This vulnerability affects Exchange 2013 CU23
Exchange 2016 CU19 Exchange 2019 CU8
All components are vulnerable by default.
allows an attacker to bypass the authentication (CVE-2021-31207), impersonate an
arbitrary user (CVE-2021-34523) and write an arbitrary file (CVE-2021-34473) to achieve
the RCE (Remote Code Execution).
By taking advantage of this vulnerability, you can execute arbitrary
commands on the remote Microsoft Exchange Server.
This vulnerability affects Exchange 2013 CU23
Exchange 2016 CU19 Exchange 2019 CU8
All components are vulnerable by default.
Authors
Orange TsaiJang ( PeterJsonbrandonshi123mekhalleh (RAMELLA Sébastien)Donny MaaslandRich WarrenSpencer McIntyrewvu
Platform
Windows
Architectures
cmd, x64, x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/http/exchange_proxyshell_rce
msf /(e) > show actions
...actions...
msf /(e) > set ACTION < action-name >
msf /(e) > show options
...show and set options...
msf /(e) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.