Detections
Analytics
CVE-2021-26855
critical
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
From the Tenable Blog
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild
Published: 2021-03-03
Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.
References
https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html
https://securelist.com/head-mare-twelve-collaboration/115887/
https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/
https://www.darkreading.com/remote-workforce/china-silk-typhoon-it-supply-chain-attacks
https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html
https://hackread.com/chinese-silk-typhoon-group-it-tools-network-breaches/
https://thehackernews.com/2025/01/new-eagerbee-variant-targets-isps-and.html
https://securelist.com/eagerbee-backdoor/115175/
https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/
https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
https://www.darkreading.com/threat-intelligence/prometei-botnet-cryptojacker-worldwide
https://securelist.com/incident-response-interesting-cases-2023/113611/
https://unit42.paloaltonetworks.com/operation-diplomatic-specter/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
https://msrc.microsoft.com/blog/2021/03/multiple-security-updates-released-for-exchange-server/
https://www.tenable.com/blog/from-bugs-to-breaches-25-significant-cves-as-mitre-cve-turns-25
https://www.tenable.com/blog/microsofts-feb-2024-patch-tuesday-cve-2024-21351-cve-2024-21412
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.tenable.com/blog/microsoft-s-march-2021-patch-tuesday-addresses-82-cves-cve-2021-26411
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html
http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html
http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html
Details
Published: 2021-03-03
Updated: 2025-03-07
Named Vulnerability: ProxylogonNamed Vulnerability: ProxyShellNamed Vulnerability: ProxyNotShellNamed Vulnerability: ProxyLogonNamed Vulnerability: Microsoft Exchange Server breachNamed Vulnerability: Exchange Server vulnerabilityKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.94286