CVE-2021-26857

Vulnerability updated 7 months ago (2024-05-04T20:10:11.839Z)

Download STIX

Preview STIX

Not enough context has been learned about CVE-2021-26857 for a description yet. However we're tracking it as a Vulnerability profile. Vulnerability: A flaw in software design or implementation

Description last updated:

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Proxylogon is a possible alias for CVE-2021-26857. ProxyLogon is a significant software vulnerability that was discovered in Microsoft Exchange Server. It is part of an exploit chain, including CVE-2021-26855, which is a server-side request forgery (SSRF) vulnerability. This flaw allows attackers to bypass authentication mechanisms and impersonate u	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Microsoft

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2021-26855 Vulnerability is associated with CVE-2021-26857. CVE-2021-26855 is a zero-day server-side request forgery (SSRF) vulnerability in Microsoft Exchange servers, particularly versions 2013, 2016, and 2019. This flaw in software design or implementation was exploited by attackers to gain initial access to the email servers and drop an ASPX webshell on	Unspecified	2

Source Document References

Information about the CVE-2021-26857 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	2 months ago	14 Million Patients Impacted by US Healthcare Data Breaches in 2024
MITRE	a year ago	Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 \| Microsoft Security Blog
MITRE	a year ago	Analyzing Attacker Behavior Post-Exploitation of MS Exchange \| Rapid7 Blog
SecurityIntelligence.com	a year ago	X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021
CERT-EU	a year ago	From Caribbean shores to your devices: analyzing Cuba ransomware – GIXtools
Securelist	a year ago	Analysis of Cuba ransomware gang activity and tooling
CISA	a year ago	2022 Top Routinely Exploited Vulnerabilities \| CISA
CERT-EU	a year ago	Close Quarters Encounters with Third Generation Malware Compels UK and Danish Municipalities to Remodel Vulnerability Management Safeguards
MITRE	2 years ago	HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security Blog
MITRE	2 years ago	Exchange servers under siege from at least 10 APT groups \| WeLiveSecurity
MITRE	2 years ago	Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
CISA	2 years ago	Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization \| CISA
CISA	2 years ago	Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA
GovCERT CH	2 years ago	Exchange Vulnerability 2021
CISA	2 years ago	Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization \| CISA
CISA	2 years ago	Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA
CERT-EU	2 years ago	A Mere Five Percent of Vulnerable Enterprises Fix Their Issues Every Month: How to Help Them Do Better? \| Bitsight
CERT-EU	2 years ago	Cybersecurity threatscape: year 2021 in review