From 811dc2d70e73823f855e0907813d325030248523 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Fri, 4 Feb 2022 11:13:25 -0500 Subject: [PATCH] Enhancement: cves/2021/CVE-2021-26855.yaml by mp --- cves/2021/CVE-2021-26855.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cves/2021/CVE-2021-26855.yaml b/cves/2021/CVE-2021-26855.yaml index 657ae33b97..5562ef8916 100644 --- a/cves/2021/CVE-2021-26855.yaml +++ b/cves/2021/CVE-2021-26855.yaml @@ -1,13 +1,14 @@ id: CVE-2021-26855 info: - name: Exchange Server SSRF Vulnerability + name: Microsoft Exchange Server SSRF Vulnerability author: madrobot severity: critical - description: | - Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. + description: This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078. + remediation: Apply the appropriate security update. tags: cve,cve2021,ssrf,rce,exchange,oast,microsoft reference: + - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855 - https://proxylogon.com/#timeline - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855 @@ -28,4 +29,5 @@ requests: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - - "http" \ No newline at end of file + - "http" +# Enhanced by mp on 2022/02/04