Rewterz
November 24, 2021
Severity
High
Analysis Summary
Mass scanning activity has been detected from multiple hosts targeting Microsoft Exchange servers that are still vulnerable to ProxyShell (CVE-2021-34473). Threat actors use this scanning to find servers that remain unpatched and then exploit them to deploy ransomware and carry out post-exploitation activity, so it is critical to keep Exchange servers on the latest security updates. ProxyShell is the name given to a chain of three vulnerabilities that an unauthenticated remote attacker can combine to gain code execution on a Microsoft Exchange server: CVE-2021-34473 (pre-authentication path confusion in the Autodiscover front end), CVE-2021-34523 (privilege elevation on the Exchange PowerShell backend) and CVE-2021-31207 (post-authentication arbitrary file write). Microsoft fixed all three in its April and May 2021 Exchange security updates; servers that have not applied those updates remain exposed.
CVE-2021-34473
Microsoft Exchange Server is vulnerable to remote code execution. By sending a specially crafted request to the Exchange front end, an unauthenticated remote attacker can abuse this path-confusion flaw to reach backend endpoints without credentials and, chained with the other ProxyShell vulnerabilities, execute arbitrary code on the server.
Impact
- Remote Code Execution
Affected Vendors
Microsoft
Affected Products
- Microsoft Exchange Server 2013 Cumulative Update 23
- Microsoft Exchange Server 2016 Cumulative Update 19
- Microsoft Exchange Server 2016 Cumulative Update 20
- Microsoft Exchange Server 2019 Cumulative Update 8
- Microsoft Exchange Server 2019 Cumulative Update 9
Indicators of Compromise
IP
- 5[.]135[.]156[.]221
- 186[.]188[.]242[.]142
- 78[.]94[.]118[.]210
- 5[.]189[.]146[.]28
- 80[.]226[.]141[.]139
- 65[.]169[.]38[.]21
- 110[.]36[.]200[.]165
- 148[.]103[.]64[.]2
- 193[.]61[.]245[.]254
- 77[.]246[.]203[.]134
- 72[.]221[.]164[.]47
- 62[.]117[.]12[.]33
- 72[.]221[.]164[.]43
- 206[.]126[.]19[.]245
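The scanning described in the Analysis Summary and the IP indicators listed above can be hunted for together in the IIS logs of an Exchange front end. The Python below is an added example written for this advisory, not Rewterz's or Microsoft's tooling. The IIS field layout, the log excerpt (constructed, not real traffic) and the ProxyShell request heuristic it uses (a request to `/autodiscover/autodiscover.json` whose query string carries an `@` followed by a backend path such as `/mapi/nspi/` or `/powershell/`) are assumptions of the example; the indicator list is copied verbatim from the advisory and refanged at runtime.

```python
import ipaddress
import re
from typing import Dict, Iterator, List

# The 14 defanged IP indicators listed in this advisory, copied verbatim.
DEFANGED_IOCS = [
    "5[.]135[.]156[.]221", "186[.]188[.]242[.]142", "78[.]94[.]118[.]210",
    "5[.]189[.]146[.]28", "80[.]226[.]141[.]139", "65[.]169[.]38[.]21",
    "110[.]36[.]200[.]165", "148[.]103[.]64[.]2", "193[.]61[.]245[.]254",
    "77[.]246[.]203[.]134", "72[.]221[.]164[.]47", "62[.]117[.]12[.]33",
    "72[.]221[.]164[.]43", "206[.]126[.]19[.]245",
]


def refang(indicator: str) -> str:
    """Turn a defanged address such as 5[.]135[.]156[.]221 back into a real one and validate it."""
    addr = indicator.replace("[.]", ".").replace("(.)", ".").strip()
    ipaddress.ip_address(addr)  # raises ValueError if the indicator is not an IP address
    return addr


IOC_IPS = frozenset(refang(i) for i in DEFANGED_IOCS)

# Heuristic for the CVE-2021-34473 pre-auth probe (an assumption of this example, not taken
# from the advisory): the Autodiscover JSON endpoint requested with an "@" in the query string
# followed by a backend path. The "@" is what makes the front end forward the request to that
# backend (/mapi/nspi/, /powershell/, ...) without authentication on an unpatched server.
AUTODISCOVER_JSON = re.compile(r"^/autodiscover/autodiscover\.json$", re.IGNORECASE)
BACKEND_HINT = re.compile(r"@[^/]*/(mapi|powershell|ews|owa|ecp)/", re.IGNORECASE)

# Constructed W3C-format IIS log excerpt (not real traffic) using the field layout below.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2021-11-23 04:12:07 5.135.156.221 GET /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example 200
2021-11-23 04:12:09 203.0.113.9 GET /owa/ - 200
2021-11-23 04:13:41 198.51.100.7 GET /Autodiscover/Autodiscover.json @probe.example/powershell/?&Email=autodiscover/autodiscover.json%3F@probe.example 401
2021-11-23 04:15:02 72.221.164.47 POST /owa/auth/x.js - 404
2021-11-23 04:16:30 203.0.113.9 POST /autodiscover/autodiscover.json - 200
"""


def parse_iis_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by the names from the most recent #Fields: header."""
    fields: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS re-emits the header mid-file after a config change
            continue
        if line.startswith("#"):
            continue  # other directives such as #Software, #Version, #Date
        parts = line.split(" ")
        if not fields or len(parts) != len(fields):
            continue  # malformed or truncated line; skip rather than mis-align the columns
        yield dict(zip(fields, parts))


def classify(record: Dict[str, str]) -> List[str]:
    """Return the reasons one request is suspicious (an empty list if it is not)."""
    reasons: List[str] = []
    if record.get("c-ip") in IOC_IPS:
        reasons.append("ioc-ip")
    stem = record.get("cs-uri-stem", "")
    query = record.get("cs-uri-query", "-")  # IIS writes "-" when there is no query string
    if AUTODISCOVER_JSON.match(stem) and BACKEND_HINT.search(query):
        reasons.append("proxyshell-path-confusion")
    return reasons


def scan_log(text: str) -> List[Dict[str, object]]:
    """Run classify() over every parsed request and keep the hits in log order."""
    findings: List[Dict[str, object]] = []
    for rec in parse_iis_log(text):
        reasons = classify(rec)
        if reasons:
            findings.append({
                "time": f"{rec.get('date', '?')} {rec.get('time', '?')}",
                "ip": rec.get("c-ip", "?"),
                "request": f"{rec.get('cs-method', '?')} {rec.get('cs-uri-stem', '?')}",
                "status": rec.get("sc-status", "?"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_IIS_LOG):
        print(hit)
```

Point `scan_log` at the front-end W3C logs (by default under `%SystemDrive%\inetpub\logs\LogFiles\` on the IIS host) rather than relying on the indicator list alone: scanner addresses rotate, so the request shape is the durable signal, and a `200` response to the path-confusion probe on a server that has not taken the April or May 2021 security updates is the finding to escalate first. The sample above deliberately includes a probe from an address that is not in the advisory and a non-ProxyShell request from a listed address, so both detection paths are exercised.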
Remediation
Microsoft has released security updates that correct this vulnerability; apply the current cumulative update and the latest security update for each affected Exchange Server version, and review servers that were exposed while unpatched for signs of compromise. More details can be found at: