Vulnerability-Lookup

CVE-2021-26858 (GCVE-0-2021-26858)

Vulnerability from cvelistv5 – Published: 2021-03-02 23:55 – Updated: 2025-10-21 23:25

CISA KEV KEVintel KEV

Title

Microsoft Exchange Server Remote Code Execution Vulnerability

Summary

Microsoft Exchange Server Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC

Exploitation: active Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Remote Code Execution
CWE-noinfo Not enough information

Assigner

microsoft

References

2 references

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

24 products

Vendor	Product	Version
Microsoft	Microsoft Exchange Server 2019	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:::::::*
Microsoft	Microsoft Exchange Server 2013 Cumulative Update 22	Affected: 15.00.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 2	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 13	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13::::::
Microsoft	Microsoft Exchange Server 2013 Cumulative Update 23	Affected: 15.00.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 3	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 14	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 4	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 15	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 5	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 6	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 16	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 17	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 7	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 18	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 19	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 8	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8::::::
Microsoft	Microsoft Exchange Server 2013 Cumulative Update 21	Affected: 15.00.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 12	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 8	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8::::::
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 1	Affected: 15.02.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 9	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 10	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10::::::
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 11	Affected: 15.01.0 , < publication (custom) cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11::::::

Date Public

2021-03-02 08:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 1ed4df3d-25d7-4ae8-957e-4847bafa3266

Vulnerability ID: CVE-2021-26858

Status: Confirmed

Status Updated: 2021-11-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-11-03

Asserted: 2021-11-03

Scope

Notes: KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Exchange Server
Due Date	2022-05-03
Date Added	2021-11-03
Vendorproject	Microsoft
Vulnerabilityname	Microsoft Exchange Server Remote Code Execution Vulnerability
Knownransomwarecampaignuse	Known

References

CVE-2021-26858

Created: 2026-02-02 12:28 UTC | Updated: 2026-02-06 07:17 UTC

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 24d97951-6f22-4906-936e-87b0a47ba150

Vulnerability ID: CVE-2021-26858

Status: Confirmed

Status Updated: 2021-11-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-11-03

Asserted: 2021-11-03

Scope

Notes: KEVIntel entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11 | CVSS: 7.8 (HIGH) | EPSS: 0.89509 | Used in malware: yes | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Confirmed Compromise

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Microsoft Exchange Server Remote Code Execution Vulnerability
Vendor	Microsoft
Product	Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11
Added Date	2021-11-03T00:00:00.000Z
Cvss Score	7.8
Epss Score	0.89509
Cvss Severity	HIGH
Epss Percentile	0.99769
Used In Malware	yes
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	False

References

Created: 2026-06-19 12:48 UTC | Updated: 2026-06-19 12:48 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26858",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:16:00.589195Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:52.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2021-26858 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2013 Cumulative Update 22",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.00.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 13",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2013 Cumulative Update 23",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.00.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 15",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 16",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 17",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 18",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 19",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2013 Cumulative Update 21",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.00.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-03-02T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:08:57.719Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
        }
      ],
      "title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-26858",
    "datePublished": "2021-03-02T23:55:27.000Z",
    "dateReserved": "2021-02-08T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:52.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-26858",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Known",
      "notes": "Reference CISA\u0027s ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858",
      "product": "Exchange Server",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability"
    },
    "epss": {
      "cve": "CVE-2021-26858",
      "date": "2026-06-19",
      "epss": "0.89509",
      "percentile": "0.99769"
    },
    "fkie_nvd": {
      "cisaActionDue": "2021-04-16",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*\", \"matchCriteriaId\": \"751FD35F-2ECD-4B75-9589-988CC6AD3058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA166F2A-D83B-4D50-AD0B-668D813E0585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C21F84B-E99C-451D-9EAF-6352FD2B0EAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*\", \"matchCriteriaId\": \"63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BE04790-85A2-4078-88CE-1787BC5172E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCF101BE-27FD-4E2D-A694-C606BD3D1ED7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DF5BDB5-205D-4B64-A49A-0152AFCF4A13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*\", \"matchCriteriaId\": \"55284CF7-0D04-4216-83FE-4B1F9CA94207\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA2CE223-AA49-49E6-AC32-59270EFF55AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*\", \"matchCriteriaId\": \"4830D6A9-AF74-480C-8F69-8648CD619980\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*\", \"matchCriteriaId\": \"079E1E3F-FF25-4B0D-AC98-191D6455A014\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*\", \"matchCriteriaId\": \"29805EC7-6403-44B9-91EC-109C087E98EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*\", \"matchCriteriaId\": \"28FCA0E8-7D27-4746-9731-91B834CA3E64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*\", \"matchCriteriaId\": \"075E907F-AF2F-4C31-86C7-51972BE412A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*\", \"matchCriteriaId\": \"69AF19DC-3D65-49A8-A85F-511085CDF27B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"40D8A6DB-9225-4A3F-AD76-192F6CCCF002\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"051DE6C4-7456-4C42-BC51-253208AADB4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE320413-D2C9-4B28-89BF-361B44A3F0FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*\", \"matchCriteriaId\": \"104F96DC-E280-4E0A-8586-B043B55888C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*\", \"matchCriteriaId\": \"73B3B3FE-7E85-4B86-A983-2C410FFEF4B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A9FB275-7F17-48B2-B528-BE89309D2AF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4AB3C25-CEA8-4D66-AEE4-953C8B17911A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*\", \"matchCriteriaId\": \"36CE5C6D-9A04-41F5-AE7C-265779833649\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*\", \"matchCriteriaId\": \"44ECF39A-1DE1-4870-A494-06A53494338D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Exchange Server Remote Code Execution Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Una Vulnerabilidad de Ejecuci\\u00f3n de c\\u00f3digo remota de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078\"}]",
      "id": "CVE-2021-26858",
      "lastModified": "2024-11-21T05:56:54.283",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-03-03T00:15:12.227",
      "references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-26858\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-03-03T00:15:12.227\",\"lastModified\":\"2025-10-30T19:55:48.230\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Exchange Server Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de Ejecuci\u00f3n de c\u00f3digo remota de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-04-16\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Exchange Server Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*\",\"matchCriteriaId\":\"751FD35F-2ECD-4B75-9589-988CC6AD3058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA166F2A-D83B-4D50-AD0B-668D813E0585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C21F84B-E99C-451D-9EAF-6352FD2B0EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BE04790-85A2-4078-88CE-1787BC5172E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCF101BE-27FD-4E2D-A694-C606BD3D1ED7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DF5BDB5-205D-4B64-A49A-0152AFCF4A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"55284CF7-0D04-4216-83FE-4B1F9CA94207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CE223-AA49-49E6-AC32-59270EFF55AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*\",\"matchCriteriaId\":\"4830D6A9-AF74-480C-8F69-8648CD619980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*\",\"matchCriteriaId\":\"079E1E3F-FF25-4B0D-AC98-191D6455A014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*\",\"matchCriteriaId\":\"29805EC7-6403-44B9-91EC-109C087E98EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*\",\"matchCriteriaId\":\"28FCA0E8-7D27-4746-9731-91B834CA3E64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"075E907F-AF2F-4C31-86C7-51972BE412A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"69AF19DC-3D65-49A8-A85F-511085CDF27B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D8A6DB-9225-4A3F-AD76-192F6CCCF002\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"051DE6C4-7456-4C42-BC51-253208AADB4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE320413-D2C9-4B28-89BF-361B44A3F0FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"104F96DC-E280-4E0A-8586-B043B55888C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"73B3B3FE-7E85-4B86-A983-2C410FFEF4B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A9FB275-7F17-48B2-B528-BE89309D2AF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4AB3C25-CEA8-4D66-AEE4-953C8B17911A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"36CE5C6D-9A04-41F5-AE7C-265779833649\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"44ECF39A-1DE1-4870-A494-06A53494338D\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T20:33:41.156Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-26858\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:16:00.589195Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2021-26858 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:16:27.554Z\"}}], \"cna\": {\"title\": \"Microsoft Exchange Server Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2013 Cumulative Update 22\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.00.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 2\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 13\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2013 Cumulative Update 23\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.00.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 3\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 14\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 4\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 15\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 5\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 6\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 16\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 17\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 7\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 18\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 19\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 8\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2013 Cumulative Update 21\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.00.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 12\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 8\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 1\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 9\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 10\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 11\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2021-03-02T08:00:00.000Z\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft Exchange Server Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Remote Code Execution\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2023-12-29T20:08:57.719Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-26858\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:52.837Z\", \"dateReserved\": \"2021-02-08T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2021-03-02T23:55:27.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2021-ALE-004

Vulnerability from certfr_alerte - Published: - Updated:

[version du 16 mars 2021]

le 15 mars 2021, Microsoft a publié un nouvel outil dont le but annoncé est d'aider leurs clients à se protéger de l'exploitation de la vulnérabilité CVE-2021-26855 affectant les serveurs de courrier Exchange en attendant l'application des mises à jour (https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/).

Les détails de cet outil sont développés dans la section "Contournement provisoire".

Le CERT-FR souhaite cependant insister sur plusieurs points:

Cet outil ne protège que contre une exploitation future de la vulnérabilité CVE-2021-26855, en attendant l'application de la mise à jour fournie le 2 mars 2021 ;
Les vulnérabilités ayant été exploitées avant la publication des correctifs, puis de façon massive, tous les serveurs Exchange doivent être considérés comme compromis. L'utilisation de cet outil ne remplace pas l'étape de recherche de compromission (voir les recommandations de cette alerte) ;
De plus en plus de codes d'exploitation sont publiquement disponibles. L'outil de Microsoft tente d'annuler certaines modifications malveillantes réalisées lors de l'exploitation de la vulnérabilité CVE-2021-26855, mais cela ne fonctionne que pour une partie des codes d'exploitation connus.

[version du 9 mars 2021]

Le CERT-FR recommande fortement de toujours maintenir les serveurs Exchange dans une version maintenue par l'éditeur, notamment en appliquant les derniers Cumulative Updates (CU). Cependant, étant donné l'urgence de la situation, dans le cas où l'application d'un CU ne peut pas se faire immédiatement, l'éditeur a publié un correctif pour les anciens CU des versions Exchange 2016 et 2019 [8].

Note importante : Le CERT-FR insiste sur l'importance de bien suivre les recommandations de l'éditeur pour l'application des correctifs : en particulier, en cas d'installation manuelle du fichier .msp, il est obligatoire d'avoir les droits administrateur au moment de son installation.

[version du 8 mars 2021]

Microsoft a publié un code [5] permettant de vérifier la présence des indicateurs de compromission (IoCs) liés au mode opératoire Hafnium. Un détail de l'utilisation de ce code est disponible dans la section "scan Exchange log files" de l’article "HAFNIUM targeting Exchange Servers with 0-day exploits" [1].

A défaut d'appliquer le correctif immédiatement, des mesures de contournement provisoires ont été proposées par l'éditeur pour les versions 2013, 2016 et 2019 des serveurs Exchange [6]. Cependant, contrairement aux correctifs, ces mesures ont un impact sur les fonctionnalités des serveurs Exchange et ne garantissent pas une protection complète contre ces vulnérabilités.

De plus, dans le cas où l'application du correctif n'est pas immédiate, le CISA recommande de restreindre les accès externes des plateformes Exchange exposées en appliquant les mesures suivantes [7] :

Bloquer les connections non vérifiées qui peuvent accéder aux serveurs Exchange sur le port 443, ou mettre en place un VPN afin qu'il ne soit plus directement exposé sur Internet ;
Restreindre les accès externes :
- À l'url OWA : /owa/ ;
- À l'url Exchange Admin Center (EAC) aka Exchange Control Panel (ECP) : /ecp/

Microsoft met en avant la forte augmentation de l'exploitation de ces quatre vulnérabilités par des attaquants. Le CERT-FR rappelle donc le motif urgent de la mise en place des correctifs de sécurité, ou au moins la restriction des accès à la plateforme ainsi que la mise en place des mesures de contournement le temps d'appliquer ces correctifs.

[version initiale]

Le 2 mars 2021, Microsoft a publié des correctifs concernant des vulnérabilités critiques de type « jour zéro » (zero day) affectant les serveurs de messagerie Exchange en version 2010, 2013, 2016 et 2019.

Ces vulnérabilités permettent à un attaquant de réaliser une exécution de code arbitraire à distance, permettant d’obtenir in fine les droits de l’administrateur de domaine Active Directory.

CVE-2021-26855 : vulnérabilité côté serveur de type SSRF permettant à l‘attaquant non authentifié d’envoyer des requêtes HTTP arbitraires qui seront exécutées sous l’identité du serveur Exchange.
CVE-2021-27065 : vulnérabilité post-authentification permettant à l’attaquant de pouvoir écrire un contenu arbitraire dans un fichier. Les droits d’accès peuvent être obtenus soit en exploitant la CVE-2021-26855 soit en compromettant les identifiants d’un administrateur légitime.
CVE-2021-26857 : vulnérabilité basée sur une faiblesse de la désérialisation dans le service de messagerie unifiée (Unified Messaging). Cette vulnérabilité permet à l’attaquant de pouvoir exécuter du code arbitraire à distance avec les privilèges SYSTEM sur le serveur Exchange. L’exploitation de cette vulnérabilité demande les droits administrateurs (ou l’exploitation d’une autre vulnérabilité).
CVE-2021-26858 : vulnérabilité post-authentification permettant à l’attaquant de pouvoir écrire un contenu arbitraire dans un fichier. Les droits d’accès peuvent être obtenus soit en exploitant la CVE-2021-26855 soit en compromettant les identifiants d’un administrateur légitime.

L’éditeur indique que ces vulnérabilités ont été exploitées dans des attaques ciblées qu'il attribue à un groupe d’attaquants appelé Hafnium [1]. En complément, les chercheurs de Volexity indiquent avoir détecté des premières attaques dès janvier 2021 [4].

Au vu de la criticité de ces vulnérabilités, l’ANSSI recommande fortement de réaliser les actions suivantes :

déconnecter immédiatement les serveurs Exchange qui seraient exposés sur Internet sans protection le temps d’appliquer les correctifs ;
appliquer immédiatement les correctifs de sécurité fournis par l’éditeur sur l’ensemble des serveurs Exchange exposés sur Internet puis en interne ;
procéder à l’analyse des serveurs Exchange afin d’identifier une possible compromission à l’aide des indicateurs de compromission publiés par l’éditeur [1] et de Volexity [4]. Une première étape consistera notamment à effectuer une recherche d'antécédents dans les logs des serveurs web de Outlook Web Access afin de déceler d'éventuelles requêtes de type POST vers /owa/auth/Current/themes/resources/ ;
en cas de compromission, de contrôler le système d’information pour détecter d’éventuelles latéralisations ainsi qu’une compromission des serveurs Active Directory.

Enfin, le CERT-FR rappelle que les serveurs Microsoft Exchange ne devraient pas être exposés sans protection sur Internet. Il est fortement recommandé d’appliquer les bonnes pratiques publiées par l’ANSSI pour le nomadisme [3].

Contournement provisoire

[version du 16 mars 2021]

L' outil Exchange On-premises Mitigation Tool (EOMT) fourni par Microsoft le 15 mars 2021 a trois fonctions :

chercher à empêcher les exploitations connues de la vulnérabilité CVE-2021-26855 affectant les serveurs Exchange ;
rechercher sur le système des traces connues d'exploitation grâce au Microsoft Safety Scanner ;
tenter de remédier aux compromissions par certaines méthodes connues ayant été révélées par le Microsoft Safety Scanner.

Microsoft insiste sur le fait que l'utilisation de ce script ne dispense pas de l'installation de la mise à jour et que cet outil ne protège que contre les menaces connues.

Microsoft précise que cet outil a été testé sur les versions 2013, 2016 et 2019 d'Exchange Server [9].

Solution

Pour rappel, seuls les deux derniers Cumulative Update (CU) des serveurs Exchange en version 2013, 2016 et 2019 sont maintenus à jour et reçoivent les correctifs de sécurité.

Des correctifs de sécurité sont donc disponibles pour :

Exchange Server 2013 CU 23
Exchange Server 2016 CU 19 et CU 18
Exchange Server 2019 CU 8 et CU 7
Exchange Server 2010 SP3 Rollup 30

Pour des versions antérieures, il faut appliquer les Cumulative Update ou les Rollup pour Exchange 2010 en amont de l’application du correctif. Microsoft a publié une procédure accompagnée d’une Foire Aux Questions [2].

La mise à jour d'un produit ou d'un logiciel est une opération délicate qui doit être menée avec prudence. Il est notamment recommander d'effectuer des tests autant que possible. Des dispositions doivent également être prises pour garantir la continuité de service en cas de difficultés lors de l'application des mises à jour comme des correctifs ou des changements de version.

Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

Les solutions Exchange Online ne sont pas affectées par les vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft	2021-03-02	vendor-advisory
[2]	-	other
[9]	-	other
Présentation de l'outil Microsoft EOMT du 15 mars 2021	-	other
Avis CERT-FR du 03 mars 2021	-	other
[8]	-	other
GitHub Microsoft CSS-Exchange	-	other
[4]	-	other
[3]	-	other
[7]	-	other
[5]	-	other
[6]	-	other
[1]	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eMicrosoft Exchange Server 2010\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2013\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2016\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2019\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes solutions Exchange Online ne sont pas affect\u00e9es par les vuln\u00e9rabilit\u00e9s.\u003c/p\u003e ",
  "closed_at": "2021-07-16",
  "content": "## Contournement provisoire\n\n**\\[version du 16 mars 2021\\]**\n\nL\u0027 outil\u00a0*Exchange On-premises Mitigation Tool* (EOMT) fourni par\nMicrosoft le 15 mars 2021 a trois fonctions :\n\n-   chercher \u00e0 emp\u00eacher les exploitations connues de la\n    vuln\u00e9rabilit\u00e9\u00a0CVE-2021-26855 affectant les serveurs Exchange ;\n-   rechercher sur le syst\u00e8me des traces connues d\u0027exploitation gr\u00e2ce\n    au\u00a0*Microsoft Safety Scanner* ;\n-   tenter de rem\u00e9dier aux compromissions par certaines m\u00e9thodes connues\n    ayant \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es par le\u00a0*Microsoft Safety Scanner*.\n\nMicrosoft insiste sur le fait que l\u0027utilisation de ce script ne dispense\npas de l\u0027installation de la mise \u00e0 jour et que cet outil ne prot\u00e8ge que\ncontre les menaces connues.\n\nMicrosoft pr\u00e9cise que cet outil a \u00e9t\u00e9 test\u00e9 sur les versions\u00a02013, 2016\net 2019 d\u0027Exchange Server \\[9\\].\n\n## Solution\n\n**Pour rappel**, seuls les deux derniers Cumulative Update (CU) des\nserveurs Exchange en version 2013, 2016 et 2019 sont maintenus \u00e0 jour et\nre\u00e7oivent les correctifs de s\u00e9curit\u00e9.\n\nDes correctifs de s\u00e9curit\u00e9 sont donc disponibles pour :\n\n-   Exchange Server 2013 CU 23\n-   Exchange Server 2016 CU 19 et CU 18\n-   Exchange Server 2019 CU 8 et CU 7\n-   Exchange Server 2010 SP3 Rollup 30\n\nPour des versions ant\u00e9rieures, il faut appliquer les Cumulative Update\nou les Rollup pour Exchange 2010 en amont de l\u2019application du correctif.\nMicrosoft a publi\u00e9 une proc\u00e9dure accompagn\u00e9e d\u2019une Foire Aux Questions\n\\[2\\].\n\n------------------------------------------------------------------------\n\nLa mise \u00e0 jour d\u0027un produit ou d\u0027un logiciel est une op\u00e9ration d\u00e9licate\nqui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommander\nd\u0027effectuer des tests autant que possible. Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u0027application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n",
  "cves": [
    {
      "name": "CVE-2021-26858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26858"
    },
    {
      "name": "CVE-2021-27078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27078"
    },
    {
      "name": "CVE-2021-26857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26857"
    },
    {
      "name": "CVE-2021-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"
    },
    {
      "name": "CVE-2021-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27065"
    },
    {
      "name": "CVE-2021-26412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26412"
    },
    {
      "name": "CVE-2021-26854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26854"
    }
  ],
  "links": [
    {
      "title": "[2]",
      "url": "https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901"
    },
    {
      "title": "[9]",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "Pr\u00e9sentation de l\u0027outil Microsoft EOMT du 15 mars 2021",
      "url": "https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/"
    },
    {
      "title": "Avis CERT-FR du 03 mars 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-156/"
    },
    {
      "title": "[8]",
      "url": "https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020"
    },
    {
      "title": "GitHub Microsoft CSS-Exchange",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "[4]",
      "url": "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
    },
    {
      "title": "[3]",
      "url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
    },
    {
      "title": "[7]",
      "url": "https://us-cert.cisa.gov/ncas/alerts/aa21-062a"
    },
    {
      "title": "[5]",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "[6]",
      "url": "https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/"
    },
    {
      "title": "[1]",
      "url": "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
    }
  ],
  "reference": "CERTFR-2021-ALE-004",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-03T00:00:00.000000"
    },
    {
      "description": "Clarification sur les syst\u00e8mes affect\u00e9s",
      "revision_date": "2021-03-03T00:00:00.000000"
    },
    {
      "description": "Ajout des informations communiqu\u00e9es par Microsoft",
      "revision_date": "2021-03-08T00:00:00.000000"
    },
    {
      "description": "Ajout des recommandations du CISA",
      "revision_date": "2021-03-08T00:00:00.000000"
    },
    {
      "description": "Ajout des informations concernant les correctifs pour les anciens Cumulative Updates",
      "revision_date": "2021-03-09T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027outil EOMT de Microsoft.",
      "revision_date": "2021-03-16T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[version du 16 mars 2021\\]\u003c/strong\u003e\n\nle 15 mars 2021, Microsoft a publi\u00e9 un nouvel outil dont le but annonc\u00e9\nest d\u0027aider leurs clients \u00e0 se prot\u00e9ger de l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2021-26855 affectant les serveurs de courrier Exchange\nen attendant l\u0027application des mises \u00e0 jour\n[(https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/).](https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/)\n\nLes d\u00e9tails de cet outil sont d\u00e9velopp\u00e9s dans la section \"Contournement\nprovisoire\".\n\nLe CERT-FR souhaite cependant insister sur plusieurs points:\n\n-   Cet outil ne prot\u00e8ge que contre une exploitation future de la\n    vuln\u00e9rabilit\u00e9 CVE-2021-26855, en attendant l\u0027application de la mise\n    \u00e0 jour fournie le 2 mars 2021 ;\n-   Les vuln\u00e9rabilit\u00e9s ayant \u00e9t\u00e9 exploit\u00e9es avant la publication des\n    correctifs, puis de fa\u00e7on massive, tous les serveurs Exchange\n    doivent \u00eatre consid\u00e9r\u00e9s comme compromis. L\u0027utilisation de cet outil\n    ne remplace pas l\u0027\u00e9tape de recherche de compromission (voir les\n    recommandations de cette alerte) ;\n-   De plus en plus de codes d\u0027exploitation sont publiquement\n    disponibles. L\u0027outil de Microsoft tente d\u0027annuler certaines\n    modifications malveillantes r\u00e9alis\u00e9es lors de l\u0027exploitation de la\n    vuln\u00e9rabilit\u00e9 CVE-2021-26855, mais cela ne fonctionne que pour une\n    partie des codes d\u0027exploitation connus.\n\n\u003cstrong\u003e\\[version du 9 mars 2021\\]\u003c/strong\u003e\n\nLe CERT-FR recommande fortement de toujours maintenir les serveurs\nExchange dans une version maintenue par l\u0027\u00e9diteur, notamment en\nappliquant les derniers *Cumulative Updates (CU)*. Cependant, \u00e9tant\ndonn\u00e9 l\u0027urgence de la situation, dans le cas o\u00f9 l\u0027application d\u0027un *CU*\nne peut pas se faire imm\u00e9diatement, l\u0027\u00e9diteur a publi\u00e9 un correctif pour\nles anciens *CU* des versions Exchange 2016 et 2019\n[\\[8\\]](https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020).\n\nNote importante : Le CERT-FR insiste sur l\u0027importance de bien suivre les\nrecommandations de l\u0027\u00e9diteur pour l\u0027application des correctifs : en\nparticulier, en cas d\u0027installation manuelle du fichier .msp, il est\nobligatoire d\u0027avoir les droits administrateur au moment de son\ninstallation.\n\n\u003cstrong\u003e\\[version du 8 mars 2021\\]\u003c/strong\u003e\n\nMicrosoft a publi\u00e9 un code\n[\\[5\\]](https://github.com/microsoft/CSS-Exchange/tree/main/Security)\npermettant de v\u00e9rifier la pr\u00e9sence des indicateurs de compromission\n(IoCs) li\u00e9s au mode op\u00e9ratoire *Hafnium*. Un d\u00e9tail de l\u0027utilisation de\nce code est disponible dans la section *\"scan Exchange log files\"* de\nl\u2019article *\"HAFNIUM targeting Exchange Servers with 0-day exploits\"*\n[\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/).\n\nA d\u00e9faut d\u0027appliquer le correctif imm\u00e9diatement, des mesures de\ncontournement \u003cstrong\u003eprovisoires\u003c/strong\u003e ont \u00e9t\u00e9 propos\u00e9es par l\u0027\u00e9diteur pour les\nversions 2013, 2016 et 2019 des serveurs Exchange\n[\\[6\\]](https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/).\nCependant, contrairement aux correctifs, ces mesures ont un impact sur\nles fonctionnalit\u00e9s des serveurs Exchange et ne garantissent pas une\nprotection compl\u00e8te contre ces vuln\u00e9rabilit\u00e9s.\n\nDe plus, dans le cas o\u00f9 l\u0027application du correctif n\u0027est pas imm\u00e9diate,\nle CISA recommande de restreindre les acc\u00e8s externes des plateformes\nExchange expos\u00e9es en appliquant les mesures suivantes\u00a0\n[\\[7\\]](https://us-cert.cisa.gov/ncas/alerts/aa21-062a) :\n\n-   Bloquer les connections non v\u00e9rifi\u00e9es qui peuvent acc\u00e9der aux\n    serveurs Exchange sur le port 443, ou mettre en place un VPN afin\n    qu\u0027il ne soit plus directement expos\u00e9 sur Internet ;\n-   Restreindre les acc\u00e8s externes :\n    -   \u00c0 l\u0027url OWA : /owa/ ;\n    -   \u00c0 l\u0027url Exchange Admin Center (EAC) aka Exchange Control Panel\n        (ECP) : /ecp/\n\nMicrosoft met en avant la forte augmentation de l\u0027exploitation de ces\nquatre vuln\u00e9rabilit\u00e9s par des attaquants. Le CERT-FR rappelle donc le\nmotif \u003cstrong\u003eurgent\u003c/strong\u003e de la \u003cstrong\u003emise en place des correctifs de s\u00e9curit\u00e9\u003c/strong\u003e, ou\nau moins la restriction des acc\u00e8s \u00e0 la plateforme ainsi que la mise en\nplace des mesures de contournement le temps d\u0027appliquer ces correctifs.\n\n\u00a0\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\nLe 2 mars 2021, Microsoft a publi\u00e9 des correctifs concernant des\nvuln\u00e9rabilit\u00e9s critiques de type \u00ab\u00a0jour z\u00e9ro\u00a0\u00bb (zero day) affectant les\nserveurs de messagerie Exchange en version 2010, 2013, 2016 et 2019.\n\nCes vuln\u00e9rabilit\u00e9s permettent \u00e0 un attaquant de r\u00e9aliser une ex\u00e9cution\nde code arbitraire \u00e0 distance, permettant d\u2019obtenir *in fine* les droits\nde l\u2019administrateur de domaine Active Directory.\n\n-   CVE-2021-26855\u00a0: vuln\u00e9rabilit\u00e9 c\u00f4t\u00e9 serveur de type SSRF permettant\n    \u00e0 l\u2018attaquant non authentifi\u00e9 d\u2019envoyer des requ\u00eates HTTP\n    arbitraires qui seront ex\u00e9cut\u00e9es sous l\u2019identit\u00e9 du serveur\n    Exchange.\n-   CVE-2021-27065\u00a0: vuln\u00e9rabilit\u00e9 post-authentification permettant \u00e0\n    l\u2019attaquant de pouvoir \u00e9crire un contenu arbitraire dans un fichier.\n    Les droits d\u2019acc\u00e8s peuvent \u00eatre obtenus soit en exploitant la\n    CVE-2021-26855 soit en compromettant les identifiants d\u2019un\n    administrateur l\u00e9gitime.\n-   CVE-2021-26857\u00a0: vuln\u00e9rabilit\u00e9 bas\u00e9e sur une faiblesse de la\n    d\u00e9s\u00e9rialisation dans le service de messagerie unifi\u00e9e (Unified\n    Messaging). Cette vuln\u00e9rabilit\u00e9 permet \u00e0 l\u2019attaquant de pouvoir\n    ex\u00e9cuter du code arbitraire \u00e0 distance avec les privil\u00e8ges SYSTEM\n    sur le serveur Exchange. L\u2019exploitation de cette vuln\u00e9rabilit\u00e9\n    demande les droits administrateurs (ou l\u2019exploitation d\u2019une autre\n    vuln\u00e9rabilit\u00e9).\n-   CVE-2021-26858\u00a0: vuln\u00e9rabilit\u00e9 post-authentification permettant \u00e0\n    l\u2019attaquant de pouvoir \u00e9crire un contenu arbitraire dans un fichier.\n    Les droits d\u2019acc\u00e8s peuvent \u00eatre obtenus soit en exploitant la\n    CVE-2021-26855 soit en compromettant les identifiants d\u2019un\n    administrateur l\u00e9gitime.\n\nL\u2019\u00e9diteur indique que ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 exploit\u00e9es dans des\nattaques cibl\u00e9es qu\u0027il attribue \u00e0 un groupe d\u2019attaquants appel\u00e9\n*Hafnium*\n[\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/).\nEn compl\u00e9ment, les chercheurs de Volexity indiquent avoir d\u00e9tect\u00e9 des\npremi\u00e8res attaques d\u00e8s janvier 2021\n[\\[4\\]](https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/).\n\nAu vu de la criticit\u00e9 de ces vuln\u00e9rabilit\u00e9s, l\u2019ANSSI recommande\nfortement de r\u00e9aliser les actions suivantes\u00a0:\n\n-   d\u00e9connecter imm\u00e9diatement les serveurs Exchange qui seraient expos\u00e9s\n    sur Internet sans protection le temps d\u2019appliquer les correctifs ;\n-   appliquer imm\u00e9diatement les correctifs de s\u00e9curit\u00e9 fournis par\n    l\u2019\u00e9diteur sur l\u2019ensemble des serveurs Exchange expos\u00e9s sur Internet\n    puis en interne ;\n-   proc\u00e9der \u00e0 l\u2019analyse des serveurs Exchange afin d\u2019identifier une\n    possible compromission \u00e0 l\u2019aide des indicateurs de compromission\n    publi\u00e9s par l\u2019\u00e9diteur\n    [\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/)\u00a0et\n    de Volexity\n    [\\[4\\]](https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/).\n    Une premi\u00e8re \u00e9tape consistera notamment \u00e0 effectuer une recherche\n    d\u0027ant\u00e9c\u00e9dents dans les logs des serveurs web de Outlook Web Access\n    afin de d\u00e9celer d\u0027\u00e9ventuelles requ\u00eates de type *POST* vers\n    */owa/auth/Current/themes/resources/* ;\n-   en cas de compromission, de contr\u00f4ler le syst\u00e8me d\u2019information pour\n    d\u00e9tecter d\u2019\u00e9ventuelles lat\u00e9ralisations ainsi qu\u2019une compromission\n    des serveurs Active Directory.\n\n\u00a0\n\nEnfin, le CERT-FR rappelle que les serveurs Microsoft Exchange ne\ndevraient pas \u00eatre expos\u00e9s sans protection sur Internet. Il est\nfortement recommand\u00e9 d\u2019appliquer les bonnes pratiques publi\u00e9es par\nl\u2019ANSSI pour le nomadisme\n[\\[3\\]](https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/).\n",
  "title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": "2021-03-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
      "url": "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/"
    }
  ]
}

CERTFR-2021-ALE-004

Vulnerability from certfr_alerte - Published: - Updated:

[version du 16 mars 2021]

Les détails de cet outil sont développés dans la section "Contournement provisoire".

Le CERT-FR souhaite cependant insister sur plusieurs points:

Cet outil ne protège que contre une exploitation future de la vulnérabilité CVE-2021-26855, en attendant l'application de la mise à jour fournie le 2 mars 2021 ;
Les vulnérabilités ayant été exploitées avant la publication des correctifs, puis de façon massive, tous les serveurs Exchange doivent être considérés comme compromis. L'utilisation de cet outil ne remplace pas l'étape de recherche de compromission (voir les recommandations de cette alerte) ;
De plus en plus de codes d'exploitation sont publiquement disponibles. L'outil de Microsoft tente d'annuler certaines modifications malveillantes réalisées lors de l'exploitation de la vulnérabilité CVE-2021-26855, mais cela ne fonctionne que pour une partie des codes d'exploitation connus.

[version du 9 mars 2021]

[version du 8 mars 2021]

Bloquer les connections non vérifiées qui peuvent accéder aux serveurs Exchange sur le port 443, ou mettre en place un VPN afin qu'il ne soit plus directement exposé sur Internet ;
Restreindre les accès externes :
- À l'url OWA : /owa/ ;
- À l'url Exchange Admin Center (EAC) aka Exchange Control Panel (ECP) : /ecp/

[version initiale]

CVE-2021-26855 : vulnérabilité côté serveur de type SSRF permettant à l‘attaquant non authentifié d’envoyer des requêtes HTTP arbitraires qui seront exécutées sous l’identité du serveur Exchange.
CVE-2021-27065 : vulnérabilité post-authentification permettant à l’attaquant de pouvoir écrire un contenu arbitraire dans un fichier. Les droits d’accès peuvent être obtenus soit en exploitant la CVE-2021-26855 soit en compromettant les identifiants d’un administrateur légitime.
CVE-2021-26857 : vulnérabilité basée sur une faiblesse de la désérialisation dans le service de messagerie unifiée (Unified Messaging). Cette vulnérabilité permet à l’attaquant de pouvoir exécuter du code arbitraire à distance avec les privilèges SYSTEM sur le serveur Exchange. L’exploitation de cette vulnérabilité demande les droits administrateurs (ou l’exploitation d’une autre vulnérabilité).
CVE-2021-26858 : vulnérabilité post-authentification permettant à l’attaquant de pouvoir écrire un contenu arbitraire dans un fichier. Les droits d’accès peuvent être obtenus soit en exploitant la CVE-2021-26855 soit en compromettant les identifiants d’un administrateur légitime.

Au vu de la criticité de ces vulnérabilités, l’ANSSI recommande fortement de réaliser les actions suivantes :

déconnecter immédiatement les serveurs Exchange qui seraient exposés sur Internet sans protection le temps d’appliquer les correctifs ;
appliquer immédiatement les correctifs de sécurité fournis par l’éditeur sur l’ensemble des serveurs Exchange exposés sur Internet puis en interne ;
procéder à l’analyse des serveurs Exchange afin d’identifier une possible compromission à l’aide des indicateurs de compromission publiés par l’éditeur [1] et de Volexity [4]. Une première étape consistera notamment à effectuer une recherche d'antécédents dans les logs des serveurs web de Outlook Web Access afin de déceler d'éventuelles requêtes de type POST vers /owa/auth/Current/themes/resources/ ;
en cas de compromission, de contrôler le système d’information pour détecter d’éventuelles latéralisations ainsi qu’une compromission des serveurs Active Directory.

Contournement provisoire

[version du 16 mars 2021]

L' outil Exchange On-premises Mitigation Tool (EOMT) fourni par Microsoft le 15 mars 2021 a trois fonctions :

chercher à empêcher les exploitations connues de la vulnérabilité CVE-2021-26855 affectant les serveurs Exchange ;
rechercher sur le système des traces connues d'exploitation grâce au Microsoft Safety Scanner ;
tenter de remédier aux compromissions par certaines méthodes connues ayant été révélées par le Microsoft Safety Scanner.

Microsoft insiste sur le fait que l'utilisation de ce script ne dispense pas de l'installation de la mise à jour et que cet outil ne protège que contre les menaces connues.

Microsoft précise que cet outil a été testé sur les versions 2013, 2016 et 2019 d'Exchange Server [9].

Solution

Pour rappel, seuls les deux derniers Cumulative Update (CU) des serveurs Exchange en version 2013, 2016 et 2019 sont maintenus à jour et reçoivent les correctifs de sécurité.

Des correctifs de sécurité sont donc disponibles pour :

Exchange Server 2013 CU 23
Exchange Server 2016 CU 19 et CU 18
Exchange Server 2019 CU 8 et CU 7
Exchange Server 2010 SP3 Rollup 30

Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

Les solutions Exchange Online ne sont pas affectées par les vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft	2021-03-02	vendor-advisory
[2]	-	other
[9]	-	other
Présentation de l'outil Microsoft EOMT du 15 mars 2021	-	other
Avis CERT-FR du 03 mars 2021	-	other
[8]	-	other
GitHub Microsoft CSS-Exchange	-	other
[4]	-	other
[3]	-	other
[7]	-	other
[5]	-	other
[6]	-	other
[1]	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eMicrosoft Exchange Server 2010\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2013\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2016\u003c/li\u003e \u003cli\u003eMicrosoft Exchange Server 2019\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes solutions Exchange Online ne sont pas affect\u00e9es par les vuln\u00e9rabilit\u00e9s.\u003c/p\u003e ",
  "closed_at": "2021-07-16",
  "content": "## Contournement provisoire\n\n**\\[version du 16 mars 2021\\]**\n\nL\u0027 outil\u00a0*Exchange On-premises Mitigation Tool* (EOMT) fourni par\nMicrosoft le 15 mars 2021 a trois fonctions :\n\n-   chercher \u00e0 emp\u00eacher les exploitations connues de la\n    vuln\u00e9rabilit\u00e9\u00a0CVE-2021-26855 affectant les serveurs Exchange ;\n-   rechercher sur le syst\u00e8me des traces connues d\u0027exploitation gr\u00e2ce\n    au\u00a0*Microsoft Safety Scanner* ;\n-   tenter de rem\u00e9dier aux compromissions par certaines m\u00e9thodes connues\n    ayant \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es par le\u00a0*Microsoft Safety Scanner*.\n\nMicrosoft insiste sur le fait que l\u0027utilisation de ce script ne dispense\npas de l\u0027installation de la mise \u00e0 jour et que cet outil ne prot\u00e8ge que\ncontre les menaces connues.\n\nMicrosoft pr\u00e9cise que cet outil a \u00e9t\u00e9 test\u00e9 sur les versions\u00a02013, 2016\net 2019 d\u0027Exchange Server \\[9\\].\n\n## Solution\n\n**Pour rappel**, seuls les deux derniers Cumulative Update (CU) des\nserveurs Exchange en version 2013, 2016 et 2019 sont maintenus \u00e0 jour et\nre\u00e7oivent les correctifs de s\u00e9curit\u00e9.\n\nDes correctifs de s\u00e9curit\u00e9 sont donc disponibles pour :\n\n-   Exchange Server 2013 CU 23\n-   Exchange Server 2016 CU 19 et CU 18\n-   Exchange Server 2019 CU 8 et CU 7\n-   Exchange Server 2010 SP3 Rollup 30\n\nPour des versions ant\u00e9rieures, il faut appliquer les Cumulative Update\nou les Rollup pour Exchange 2010 en amont de l\u2019application du correctif.\nMicrosoft a publi\u00e9 une proc\u00e9dure accompagn\u00e9e d\u2019une Foire Aux Questions\n\\[2\\].\n\n------------------------------------------------------------------------\n\nLa mise \u00e0 jour d\u0027un produit ou d\u0027un logiciel est une op\u00e9ration d\u00e9licate\nqui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommander\nd\u0027effectuer des tests autant que possible. Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u0027application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n",
  "cves": [
    {
      "name": "CVE-2021-26858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26858"
    },
    {
      "name": "CVE-2021-27078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27078"
    },
    {
      "name": "CVE-2021-26857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26857"
    },
    {
      "name": "CVE-2021-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"
    },
    {
      "name": "CVE-2021-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27065"
    },
    {
      "name": "CVE-2021-26412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26412"
    },
    {
      "name": "CVE-2021-26854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26854"
    }
  ],
  "links": [
    {
      "title": "[2]",
      "url": "https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901"
    },
    {
      "title": "[9]",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "Pr\u00e9sentation de l\u0027outil Microsoft EOMT du 15 mars 2021",
      "url": "https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/"
    },
    {
      "title": "Avis CERT-FR du 03 mars 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-156/"
    },
    {
      "title": "[8]",
      "url": "https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020"
    },
    {
      "title": "GitHub Microsoft CSS-Exchange",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "[4]",
      "url": "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
    },
    {
      "title": "[3]",
      "url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
    },
    {
      "title": "[7]",
      "url": "https://us-cert.cisa.gov/ncas/alerts/aa21-062a"
    },
    {
      "title": "[5]",
      "url": "https://github.com/microsoft/CSS-Exchange/tree/main/Security"
    },
    {
      "title": "[6]",
      "url": "https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/"
    },
    {
      "title": "[1]",
      "url": "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
    }
  ],
  "reference": "CERTFR-2021-ALE-004",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-03T00:00:00.000000"
    },
    {
      "description": "Clarification sur les syst\u00e8mes affect\u00e9s",
      "revision_date": "2021-03-03T00:00:00.000000"
    },
    {
      "description": "Ajout des informations communiqu\u00e9es par Microsoft",
      "revision_date": "2021-03-08T00:00:00.000000"
    },
    {
      "description": "Ajout des recommandations du CISA",
      "revision_date": "2021-03-08T00:00:00.000000"
    },
    {
      "description": "Ajout des informations concernant les correctifs pour les anciens Cumulative Updates",
      "revision_date": "2021-03-09T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027outil EOMT de Microsoft.",
      "revision_date": "2021-03-16T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2021-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cstrong\u003e\\[version du 16 mars 2021\\]\u003c/strong\u003e\n\nle 15 mars 2021, Microsoft a publi\u00e9 un nouvel outil dont le but annonc\u00e9\nest d\u0027aider leurs clients \u00e0 se prot\u00e9ger de l\u0027exploitation de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2021-26855 affectant les serveurs de courrier Exchange\nen attendant l\u0027application des mises \u00e0 jour\n[(https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/).](https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/)\n\nLes d\u00e9tails de cet outil sont d\u00e9velopp\u00e9s dans la section \"Contournement\nprovisoire\".\n\nLe CERT-FR souhaite cependant insister sur plusieurs points:\n\n-   Cet outil ne prot\u00e8ge que contre une exploitation future de la\n    vuln\u00e9rabilit\u00e9 CVE-2021-26855, en attendant l\u0027application de la mise\n    \u00e0 jour fournie le 2 mars 2021 ;\n-   Les vuln\u00e9rabilit\u00e9s ayant \u00e9t\u00e9 exploit\u00e9es avant la publication des\n    correctifs, puis de fa\u00e7on massive, tous les serveurs Exchange\n    doivent \u00eatre consid\u00e9r\u00e9s comme compromis. L\u0027utilisation de cet outil\n    ne remplace pas l\u0027\u00e9tape de recherche de compromission (voir les\n    recommandations de cette alerte) ;\n-   De plus en plus de codes d\u0027exploitation sont publiquement\n    disponibles. L\u0027outil de Microsoft tente d\u0027annuler certaines\n    modifications malveillantes r\u00e9alis\u00e9es lors de l\u0027exploitation de la\n    vuln\u00e9rabilit\u00e9 CVE-2021-26855, mais cela ne fonctionne que pour une\n    partie des codes d\u0027exploitation connus.\n\n\u003cstrong\u003e\\[version du 9 mars 2021\\]\u003c/strong\u003e\n\nLe CERT-FR recommande fortement de toujours maintenir les serveurs\nExchange dans une version maintenue par l\u0027\u00e9diteur, notamment en\nappliquant les derniers *Cumulative Updates (CU)*. Cependant, \u00e9tant\ndonn\u00e9 l\u0027urgence de la situation, dans le cas o\u00f9 l\u0027application d\u0027un *CU*\nne peut pas se faire imm\u00e9diatement, l\u0027\u00e9diteur a publi\u00e9 un correctif pour\nles anciens *CU* des versions Exchange 2016 et 2019\n[\\[8\\]](https://techcommunity.microsoft.com/t5/exchange-team-blog/march-2021-exchange-server-security-updates-for-older-cumulative/ba-p/2192020).\n\nNote importante : Le CERT-FR insiste sur l\u0027importance de bien suivre les\nrecommandations de l\u0027\u00e9diteur pour l\u0027application des correctifs : en\nparticulier, en cas d\u0027installation manuelle du fichier .msp, il est\nobligatoire d\u0027avoir les droits administrateur au moment de son\ninstallation.\n\n\u003cstrong\u003e\\[version du 8 mars 2021\\]\u003c/strong\u003e\n\nMicrosoft a publi\u00e9 un code\n[\\[5\\]](https://github.com/microsoft/CSS-Exchange/tree/main/Security)\npermettant de v\u00e9rifier la pr\u00e9sence des indicateurs de compromission\n(IoCs) li\u00e9s au mode op\u00e9ratoire *Hafnium*. Un d\u00e9tail de l\u0027utilisation de\nce code est disponible dans la section *\"scan Exchange log files\"* de\nl\u2019article *\"HAFNIUM targeting Exchange Servers with 0-day exploits\"*\n[\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/).\n\nA d\u00e9faut d\u0027appliquer le correctif imm\u00e9diatement, des mesures de\ncontournement \u003cstrong\u003eprovisoires\u003c/strong\u003e ont \u00e9t\u00e9 propos\u00e9es par l\u0027\u00e9diteur pour les\nversions 2013, 2016 et 2019 des serveurs Exchange\n[\\[6\\]](https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/).\nCependant, contrairement aux correctifs, ces mesures ont un impact sur\nles fonctionnalit\u00e9s des serveurs Exchange et ne garantissent pas une\nprotection compl\u00e8te contre ces vuln\u00e9rabilit\u00e9s.\n\nDe plus, dans le cas o\u00f9 l\u0027application du correctif n\u0027est pas imm\u00e9diate,\nle CISA recommande de restreindre les acc\u00e8s externes des plateformes\nExchange expos\u00e9es en appliquant les mesures suivantes\u00a0\n[\\[7\\]](https://us-cert.cisa.gov/ncas/alerts/aa21-062a) :\n\n-   Bloquer les connections non v\u00e9rifi\u00e9es qui peuvent acc\u00e9der aux\n    serveurs Exchange sur le port 443, ou mettre en place un VPN afin\n    qu\u0027il ne soit plus directement expos\u00e9 sur Internet ;\n-   Restreindre les acc\u00e8s externes :\n    -   \u00c0 l\u0027url OWA : /owa/ ;\n    -   \u00c0 l\u0027url Exchange Admin Center (EAC) aka Exchange Control Panel\n        (ECP) : /ecp/\n\nMicrosoft met en avant la forte augmentation de l\u0027exploitation de ces\nquatre vuln\u00e9rabilit\u00e9s par des attaquants. Le CERT-FR rappelle donc le\nmotif \u003cstrong\u003eurgent\u003c/strong\u003e de la \u003cstrong\u003emise en place des correctifs de s\u00e9curit\u00e9\u003c/strong\u003e, ou\nau moins la restriction des acc\u00e8s \u00e0 la plateforme ainsi que la mise en\nplace des mesures de contournement le temps d\u0027appliquer ces correctifs.\n\n\u00a0\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\nLe 2 mars 2021, Microsoft a publi\u00e9 des correctifs concernant des\nvuln\u00e9rabilit\u00e9s critiques de type \u00ab\u00a0jour z\u00e9ro\u00a0\u00bb (zero day) affectant les\nserveurs de messagerie Exchange en version 2010, 2013, 2016 et 2019.\n\nCes vuln\u00e9rabilit\u00e9s permettent \u00e0 un attaquant de r\u00e9aliser une ex\u00e9cution\nde code arbitraire \u00e0 distance, permettant d\u2019obtenir *in fine* les droits\nde l\u2019administrateur de domaine Active Directory.\n\n-   CVE-2021-26855\u00a0: vuln\u00e9rabilit\u00e9 c\u00f4t\u00e9 serveur de type SSRF permettant\n    \u00e0 l\u2018attaquant non authentifi\u00e9 d\u2019envoyer des requ\u00eates HTTP\n    arbitraires qui seront ex\u00e9cut\u00e9es sous l\u2019identit\u00e9 du serveur\n    Exchange.\n-   CVE-2021-27065\u00a0: vuln\u00e9rabilit\u00e9 post-authentification permettant \u00e0\n    l\u2019attaquant de pouvoir \u00e9crire un contenu arbitraire dans un fichier.\n    Les droits d\u2019acc\u00e8s peuvent \u00eatre obtenus soit en exploitant la\n    CVE-2021-26855 soit en compromettant les identifiants d\u2019un\n    administrateur l\u00e9gitime.\n-   CVE-2021-26857\u00a0: vuln\u00e9rabilit\u00e9 bas\u00e9e sur une faiblesse de la\n    d\u00e9s\u00e9rialisation dans le service de messagerie unifi\u00e9e (Unified\n    Messaging). Cette vuln\u00e9rabilit\u00e9 permet \u00e0 l\u2019attaquant de pouvoir\n    ex\u00e9cuter du code arbitraire \u00e0 distance avec les privil\u00e8ges SYSTEM\n    sur le serveur Exchange. L\u2019exploitation de cette vuln\u00e9rabilit\u00e9\n    demande les droits administrateurs (ou l\u2019exploitation d\u2019une autre\n    vuln\u00e9rabilit\u00e9).\n-   CVE-2021-26858\u00a0: vuln\u00e9rabilit\u00e9 post-authentification permettant \u00e0\n    l\u2019attaquant de pouvoir \u00e9crire un contenu arbitraire dans un fichier.\n    Les droits d\u2019acc\u00e8s peuvent \u00eatre obtenus soit en exploitant la\n    CVE-2021-26855 soit en compromettant les identifiants d\u2019un\n    administrateur l\u00e9gitime.\n\nL\u2019\u00e9diteur indique que ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 exploit\u00e9es dans des\nattaques cibl\u00e9es qu\u0027il attribue \u00e0 un groupe d\u2019attaquants appel\u00e9\n*Hafnium*\n[\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/).\nEn compl\u00e9ment, les chercheurs de Volexity indiquent avoir d\u00e9tect\u00e9 des\npremi\u00e8res attaques d\u00e8s janvier 2021\n[\\[4\\]](https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/).\n\nAu vu de la criticit\u00e9 de ces vuln\u00e9rabilit\u00e9s, l\u2019ANSSI recommande\nfortement de r\u00e9aliser les actions suivantes\u00a0:\n\n-   d\u00e9connecter imm\u00e9diatement les serveurs Exchange qui seraient expos\u00e9s\n    sur Internet sans protection le temps d\u2019appliquer les correctifs ;\n-   appliquer imm\u00e9diatement les correctifs de s\u00e9curit\u00e9 fournis par\n    l\u2019\u00e9diteur sur l\u2019ensemble des serveurs Exchange expos\u00e9s sur Internet\n    puis en interne ;\n-   proc\u00e9der \u00e0 l\u2019analyse des serveurs Exchange afin d\u2019identifier une\n    possible compromission \u00e0 l\u2019aide des indicateurs de compromission\n    publi\u00e9s par l\u2019\u00e9diteur\n    [\\[1\\]](https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/)\u00a0et\n    de Volexity\n    [\\[4\\]](https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/).\n    Une premi\u00e8re \u00e9tape consistera notamment \u00e0 effectuer une recherche\n    d\u0027ant\u00e9c\u00e9dents dans les logs des serveurs web de Outlook Web Access\n    afin de d\u00e9celer d\u0027\u00e9ventuelles requ\u00eates de type *POST* vers\n    */owa/auth/Current/themes/resources/* ;\n-   en cas de compromission, de contr\u00f4ler le syst\u00e8me d\u2019information pour\n    d\u00e9tecter d\u2019\u00e9ventuelles lat\u00e9ralisations ainsi qu\u2019une compromission\n    des serveurs Active Directory.\n\n\u00a0\n\nEnfin, le CERT-FR rappelle que les serveurs Microsoft Exchange ne\ndevraient pas \u00eatre expos\u00e9s sans protection sur Internet. Il est\nfortement recommand\u00e9 d\u2019appliquer les bonnes pratiques publi\u00e9es par\nl\u2019ANSSI pour le nomadisme\n[\\[3\\]](https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/).\n",
  "title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": "2021-03-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
      "url": "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/"
    }
  ]
}

CERTFR-2021-AVI-156

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Microsoft Exchange Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange 2010
Microsoft	N/A	Microsoft Exchange 2013
Microsoft	N/A	Microsoft Exchange 2016
Microsoft	N/A	Microsoft Exchange 2019

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-26412 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26855 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-27065 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-27078 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26857 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26854 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26858 du 02 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-27078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27078"
    },
    {
      "name": "CVE-2021-26858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26858"
    },
    {
      "name": "CVE-2021-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27065"
    },
    {
      "name": "CVE-2021-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"
    },
    {
      "name": "CVE-2021-26854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26854"
    },
    {
      "name": "CVE-2021-26857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26857"
    },
    {
      "name": "CVE-2021-26412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26412"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-156",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Exchange\nServer. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26412 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26412"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26855 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26855"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-27065 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-27065"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-27078 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-27078"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26857 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26857"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26854 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26854"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26858 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26858"
    }
  ]
}

CERTFR-2021-AVI-156

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Microsoft Exchange Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange 2010
Microsoft	N/A	Microsoft Exchange 2013
Microsoft	N/A	Microsoft Exchange 2016
Microsoft	N/A	Microsoft Exchange 2019

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-26412 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26855 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-27065 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-27078 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26857 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26854 du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-26858 du 02 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-27078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27078"
    },
    {
      "name": "CVE-2021-26858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26858"
    },
    {
      "name": "CVE-2021-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27065"
    },
    {
      "name": "CVE-2021-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"
    },
    {
      "name": "CVE-2021-26854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26854"
    },
    {
      "name": "CVE-2021-26857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26857"
    },
    {
      "name": "CVE-2021-26412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26412"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-156",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Exchange\nServer. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26412 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26412"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26855 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26855"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-27065 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-27065"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-27078 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-27078"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26857 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26857"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26854 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26854"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-26858 du 02 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-26858"
    }
  ]
}

BDU:2021-01121

Vulnerability from fstec - Published: 02.03.2021

Title

Уязвимость почтового сервера Microsoft Exchange Server, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю перезаписать произвольные файлы в системе

Description

Уязвимость почтового сервера Microsoft Exchange Server связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, перезаписать произвольные файлы в системе

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Microsoft Exchange Server

Software Version

2016 Cumulative Update 8 (Microsoft Exchange Server), 2016 Cumulative Update 9 (Microsoft Exchange Server), 2013 Cumulative Update 21 (Microsoft Exchange Server), 2016 Cumulative Update 10 (Microsoft Exchange Server), 2016 Cumulative Update 11 (Microsoft Exchange Server), 2019 (Microsoft Exchange Server), 2013 Cumulative Update 22 (Microsoft Exchange Server), 2016 Cumulative Update 12 (Microsoft Exchange Server), 2019 Cumulative Update 1 (Microsoft Exchange Server), 2016 Cumulative Update 19 (Microsoft Exchange Server), 2013 Cumulative Update 23 (Microsoft Exchange Server), 2016 Cumulative Update 13 (Microsoft Exchange Server), 2019 Cumulative Update 2 (Microsoft Exchange Server), 2019 Cumulative Update 3 (Microsoft Exchange Server), 2019 Cumulative Update 14 (Microsoft Exchange Server), 2016 Cumulative Update 16 (Microsoft Exchange Server), 2016 Cumulative Update 17 (Microsoft Exchange Server), 2019 Cumulative Update 5 (Microsoft Exchange Server), 2019 Cumulative Update 6 (Microsoft Exchange Server), 2016 Cumulative Update 18 (Microsoft Exchange Server), 2019 Cumulative Update 7 (Microsoft Exchange Server), 2019 Cumulative Update 8 (Microsoft Exchange Server), 2016 Cumulative Update 15 (Microsoft Exchange Server), 2019 Cumulative Update 4 (Microsoft Exchange Server)

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858 https://nvd.nist.gov/vuln/detail/CVE-2021-26858 https://www.cybersecurity-help.cz/vdb/SB2021030301 https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2016 Cumulative Update 8 (Microsoft Exchange Server), 2016 Cumulative Update 9 (Microsoft Exchange Server), 2013 Cumulative Update 21 (Microsoft Exchange Server), 2016 Cumulative Update 10 (Microsoft Exchange Server), 2016 Cumulative Update 11 (Microsoft Exchange Server), 2019 (Microsoft Exchange Server), 2013 Cumulative Update 22 (Microsoft Exchange Server), 2016 Cumulative Update 12 (Microsoft Exchange Server), 2019 Cumulative Update 1 (Microsoft Exchange Server), 2016 Cumulative Update 19 (Microsoft Exchange Server), 2013 Cumulative Update 23 (Microsoft Exchange Server), 2016 Cumulative Update 13 (Microsoft Exchange Server), 2019 Cumulative Update 2 (Microsoft Exchange Server), 2019 Cumulative Update 3 (Microsoft Exchange Server), 2019 Cumulative Update 14 (Microsoft Exchange Server), 2016 Cumulative Update 16 (Microsoft Exchange Server), 2016 Cumulative Update 17 (Microsoft Exchange Server), 2019 Cumulative Update 5 (Microsoft Exchange Server), 2019 Cumulative Update 6 (Microsoft Exchange Server), 2016 Cumulative Update 18 (Microsoft Exchange Server), 2019 Cumulative Update 7 (Microsoft Exchange Server), 2019 Cumulative Update 8 (Microsoft Exchange Server), 2016 Cumulative Update 15 (Microsoft Exchange Server), 2019 Cumulative Update 4 (Microsoft Exchange Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.11.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.03.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01121",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-26858",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Exchange Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26858\nhttps://www.cybersecurity-help.cz/vdb/SB2021030301\nhttps://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2021-14811

Vulnerability from cnvd - Published: 2021-03-07

Title

Microsoft Exchange Server任意文件写入漏洞

Description

Exchange是微软公司的一套电子邮件服务组件，是个消息与协作系统。 Microsoft Exchange Server任意文件写入漏洞。攻击者可利用该漏洞通过Exchange服务器进行身份验证后，将文件写入服务器上的任何路径。

Severity

高

Patch Name

Microsoft Exchange Server任意文件写入漏洞的补丁

Patch Description

Exchange是微软公司的一套电子邮件服务组件，是个消息与协作系统。 Microsoft Exchange Server任意文件写入漏洞。攻击者可利用该漏洞通过Exchange服务器进行身份验证后，将文件写入服务器上的任何路径。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855

Reference

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Impacted products

Name
['Microsoft Exchange Server 2019 Cumulative Update 8', 'Microsoft Exchange Server 2019 Cumulative Update 7', 'Microsoft Exchange Server 2016 Cumulative Update 19', 'Microsoft Exchange Server 2013 Cumulative Update 23', 'Microsoft Exchange Server 2016 Cumulative Update 18']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-26858",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-26858"
    }
  },
  "description": "Exchange\u662f\u5fae\u8f6f\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7ec4\u4ef6\uff0c\u662f\u4e2a\u6d88\u606f\u4e0e\u534f\u4f5c\u7cfb\u7edf\u3002\n\nMicrosoft Exchange Server\u4efb\u610f\u6587\u4ef6\u5199\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7Exchange\u670d\u52a1\u5668\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\uff0c\u5c06\u6587\u4ef6\u5199\u5165\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u4f55\u8def\u5f84\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-14811",
  "openTime": "2021-03-07",
  "patchDescription": "Exchange\u662f\u5fae\u8f6f\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7ec4\u4ef6\uff0c\u662f\u4e2a\u6d88\u606f\u4e0e\u534f\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Exchange Server\u4efb\u610f\u6587\u4ef6\u5199\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7Exchange\u670d\u52a1\u5668\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\uff0c\u5c06\u6587\u4ef6\u5199\u5165\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u4f55\u8def\u5f84\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Exchange Server\u4efb\u610f\u6587\u4ef6\u5199\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Exchange Server 2019 Cumulative Update 8",
      "Microsoft Exchange Server 2019 Cumulative Update 7",
      "Microsoft Exchange Server 2016 Cumulative Update 19",
      "Microsoft Exchange Server 2013 Cumulative Update 23",
      "Microsoft Exchange Server 2016 Cumulative Update 18"
    ]
  },
  "referenceLink": "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/",
  "serverity": "\u9ad8",
  "submitTime": "2021-03-03",
  "title": "Microsoft Exchange Server\u4efb\u610f\u6587\u4ef6\u5199\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2021-26858

Vulnerability from fkie_nvd - Published: 2021-03-03 00:15 - Updated: 2026-06-17 03:43

CISA KEV KEVintel KEV

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Microsoft Exchange Server Remote Code Execution Vulnerability

References

URL	Tags
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	exchange_server	2010
microsoft	exchange_server	2013
microsoft	exchange_server	2013
microsoft	exchange_server	2013
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2019
microsoft	exchange_server	2019
microsoft	exchange_server	2019
microsoft	exchange_server	2019
microsoft	exchange_server	2019
microsoft	exchange_server	2019
microsoft	exchange_server	2019
microsoft	exchange_server	2019
microsoft	exchange_server	2019

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2013 Cumulative Update 22",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.00.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 13",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2013 Cumulative Update 23",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.00.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 15",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 16",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 17",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 18",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 19",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2013 Cumulative Update 21",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.00.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*",
              "matchCriteriaId": "751FD35F-2ECD-4B75-9589-988CC6AD3058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
              "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
              "matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
              "matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*",
              "matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*",
              "matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*",
              "matchCriteriaId": "55284CF7-0D04-4216-83FE-4B1F9CA94207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CE223-AA49-49E6-AC32-59270EFF55AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*",
              "matchCriteriaId": "4830D6A9-AF74-480C-8F69-8648CD619980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*",
              "matchCriteriaId": "079E1E3F-FF25-4B0D-AC98-191D6455A014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
              "matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
              "matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
              "matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
              "matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*",
              "matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*",
              "matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*",
              "matchCriteriaId": "104F96DC-E280-4E0A-8586-B043B55888C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*",
              "matchCriteriaId": "73B3B3FE-7E85-4B86-A983-2C410FFEF4B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*",
              "matchCriteriaId": "8A9FB275-7F17-48B2-B528-BE89309D2AF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*",
              "matchCriteriaId": "D4AB3C25-CEA8-4D66-AEE4-953C8B17911A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
              "matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
              "matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de Ejecuci\u00f3n de c\u00f3digo remota de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078"
    }
  ],
  "id": "CVE-2021-26858",
  "lastModified": "2026-06-17T03:43:52.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2021-26858",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-02-04T19:16:00.589195Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2021-03-03T00:15:12.227",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R4WP-245Q-VR5W

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2025-10-22 00:32

Details

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.

Severity

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-26858"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-03T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.",
  "id": "GHSA-r4wp-245q-vr5w",
  "modified": "2025-10-22T00:32:03Z",
  "published": "2022-05-24T17:43:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26858"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26858"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-26858

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.

Aliases

CVE-2021-26858

Aliases

CVE-2021-26858

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-26858",
    "description": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.",
    "id": "GSD-2021-26858"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-26858"
      ],
      "details": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.",
      "id": "GSD-2021-26858",
      "modified": "2023-12-13T01:23:33.935027Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-26858",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-04-16",
      "product": "Microsoft Exchange Server",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft OWA Exchange Control Panel (ECP) Exploit Chain"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2021-26858",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Exchange Server 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2013 Cumulative Update 22",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 13",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 5",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 6",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 16",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 17",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2013 Cumulative Update 21",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 12",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 8",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 9",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 10",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 11",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2021-04-16",
        "cisaExploitAdd": "2021-11-03",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
                    "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
                    "matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
                    "matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
                    "matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
                    "matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
          },
          {
            "lang": "es",
            "value": "Una Vulnerabilidad de Ejecuci\u00f3n de c\u00f3digo remota de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078"
          }
        ],
        "id": "CVE-2021-26858",
        "lastModified": "2023-12-29T17:16:01.327",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2021-03-03T00:15:12.227",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-26858 (GCVE-0-2021-26858)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Confirmed Compromise Confidence: 70% Source: kevintel

Details

References

Contournement provisoire

Solution

Contournement provisoire

Solution

Solution

Solution

Tags

Sightings

Nomenclature