CVE-2021-31207

medium

Description

Microsoft Exchange Server Security Feature Bypass Vulnerability

References

https://www.zerodayinitiative.com/advisories/ZDI-21-819/

https://thehackernews.com/2025/06/hackers-target-65-microsoft-exchange.html

https://www.securityweek.com/cisa-fbi-warn-of-china-linked-ghost-ransomware-attacks/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a

https://www.bleepingcomputer.com/news/security/cisa-and-fbi-ghost-ransomware-breached-orgs-in-70-countries/

https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a

https://therecord.media/fbi-says-bianlian-based-in-russia-switching-tactics

https://securelist.com/new-tropic-trooper-web-shell-infection/113737/

https://www.wsj.com/politics/national-security/u-s-allies-issue-rare-warning-on-chinese-hacking-group-9eebb0ce

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

https://thehackernews.com/2024/05/ms-exchange-server-flaws-exploited-to.html

https://research.nccgroup.com/2023/11/20/is-this-the-real-life-is-this-just-fantasy-caught-in-a-landslide-noescape-from-ncc-group/

https://www.zscaler.com/blogs/security-research/retrospective-avoslocker

https://cyware.com/resources/research-and-analysis/beneath-the-surface-avoslockers-ransomware-as-a-service-and-cybercrime-tactics-f14f

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://duo.com/decipher/hive-ransomware-attacks-target-fortios-microsoft-exchange-flaws

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.securityweek.com/babuk-ransomware-seen-exploiting-proxyshell-vulnerabilities/

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.fortiguard.com/threat-signal-report/4121/brand-new-lockfile-ransomware-distributed-through-proxyshell-and-petitpotam

https://www.zerodayinitiative.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty

https://www.tenable.com/blog/microsofts-feb-2024-patch-tuesday-cve-2024-21351-cve-2024-21412

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.tenable.com/blog/proxynotshell-owassrf-tabshell-patch-your-microsoft-exchange-servers-now

https://www.tenable.com/blog/aa22-257a-cybersecurity-joint-advisory-on-iranian-islamic-revolutionary-guard-ransomware

https://www.tenable.com/blog/proxyshell-attackers-actively-scanning-for-vulnerable-microsoft-exchange-servers-cve-2021-34473

https://www.tenable.com/blog/microsoft-s-may-2021-patch-tuesday-addresses-55-cves-cve-2021-31166

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207

http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2021-05-11

Updated: 2025-03-13

Named Vulnerability: ProxyShellKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.6

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.93866