Home / exploitsPDF  

Microsoft Exchange ProxyLogon Collector

Posted on 21 May 2021

This Metasploit module scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin by chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution. As a result, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server. This vulnerability affects Exchange 2013 versions below 15.00.1497.012, Exchange 2016 CU18 below 15.01.2106.013, Exchange 2016 CU19 below 15.01.2176.009, Exchange 2019 CU7 below 15.02.0721.013, and Exchange 2019 CU8 below 15.02.0792.010 . All components are vulnerable by default.

 

TOP