CVE-2021-31206

high

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

References

https://www.zerodayinitiative.com/advisories/ZDI-21-826/

https://cyware.com/resources/research-and-analysis/beneath-the-surface-avoslockers-ransomware-as-a-service-and-cybercrime-tactics-f14f

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.tenable.com/blog/aa22-257a-cybersecurity-joint-advisory-on-iranian-islamic-revolutionary-guard-ransomware

https://www.tenable.com/blog/microsoft-s-july-2021-patch-tuesday-includes-116-cves-cve-2021-31979-cve-2021-33771

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206

Details

Source: Mitre, NVD

Published: 2021-07-14

Updated: 2023-12-28

Named Vulnerability: ProxyShell

Risk Information

CVSS v2

Base Score: 7.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Severity: High

EPSS

EPSS: 0.0655