HTTP: Microsoft Exchange Server Multiple Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Microsoft Exchange Server. A successful attack can lead to arbitrary code execution.
Extended Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Affected Products
Microsoft exchange_server
References
CVE: CVE-2023-32031
URL: http://www.zerodayinitiative.com/advisories/ZDI-21-821/ https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell https://www.zerodayinitiative.com/advisories/ZDI-21-821/ http://www.zerodayinitiative.com/advisories/ZDI-21-819/ https://www.zerodayinitiative.com/advisories/ZDI-21-819/ http://www.zerodayinitiative.com/advisories/ZDI-22-1624/ https://www.zerodayinitiative.com/advisories/ZDI-22-1624/ http://www.zerodayinitiative.com/advisories/ZDI-23-881/
Short Name
HTTP:CTS:CVE-2021-34473-RCE
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-31207 CVE-2021-34473 CVE-2021-34523 CVE-2022-41040 CVE-2022-41082 CVE-2022-42040 CVE-2023-21707 CVE-2023-32031 Code Exchange Execution Microsoft Multiple Remote Server
Release Date
07/13/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3665
False Positive
Unknown
Vendors
Microsoft
CVSS Score
6.5
8.8
10.0