CVE-2021-34473

Vulnerability Profile Updated 23 days ago
CVE-2021-34473 is a pre-authentication remote code execution vulnerability in Microsoft Exchange Server. Together with two other flaws, CVE-2021-34523 (elevation of privilege in the Exchange PowerShell backend) and CVE-2021-31207 (a post-authentication security feature bypass that permits arbitrary file writes), it forms the exploit chain known as ProxyShell. An unauthenticated remote attacker chains the three by abusing a path-confusion bug in the Autodiscover front end to reach backend services, impersonating a mailbox user against the PowerShell endpoint, and then using a mailbox export to drop a web shell, which gives full control of an unpatched server. Microsoft shipped fixes for CVE-2021-34473 and CVE-2021-34523 in the April 2021 Exchange security updates and for CVE-2021-31207 in May 2021; the chain was publicly detailed in August 2021 and mass exploitation followed almost immediately.

The chain has become one of the most common attack vectors against Microsoft Exchange servers. In the CISA and Five Eyes list of the most routinely exploited vulnerabilities of 2022, ProxyShell ranked second only to the Fortinet SSL VPN vulnerability CVE-2018-13379. Threat actors have used it to gain an initial foothold in victim infrastructures; one campaign referenced in the sources below used it to deploy an information stealer on compromised Exchange servers.

Network protections exist: Check Point IPS, for example, ships signatures covering the chain, including Microsoft Exchange Server Security Feature Bypass (CVE-2021-31207) and Microsoft Exchange Server Remote Code Execution (CVE-2021-34473). Such signatures reduce exposure but do not replace patching, and various threat actors, including Cadet Blizzard, have continued to exploit these flaws against unpatched servers, often alongside the Atlassian Confluence bug (CVE-2021-26084) and Log4Shell (CVE-2021-44228).
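The Autodiscover path-confusion request at the start of the chain leaves a recognisable trace in the IIS logs of the Exchange front end. The Python detector below is added here as an example; it is not part of this profile or of any vendor's tooling. It parses W3C-format IIS log lines and flags requests with the publicly documented ProxyShell shape: an /autodiscover/autodiscover.json stem whose query begins with "@" or repeats the Autodiscover path in an Email parameter, and it reports which backend endpoint each request was aimed at. The log lines, IP addresses and host names are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt (sample data, not real telemetry). The first
# two records mimic the publicly documented ProxyShell request shape: the
# Autodiscover front end is asked for "autodiscover.json?@<host>/<backend>"
# with an Email parameter that repeats the same path, which is what lets the
# request be proxied to a backend endpoint without authentication
# (CVE-2021-34473). The remaining records are ordinary Exchange traffic.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-08-10 09:12:01 GET /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example 198.51.100.23 200
2021-08-10 09:12:02 POST /autodiscover/autodiscover.json @evil.example/powershell/?&Email=autodiscover/autodiscover.json%3F@evil.example 198.51.100.23 200
2021-08-10 09:12:03 GET /owa/auth/logon.aspx url=https%3A%2F%2Fmail.corp.example%2Fowa%2F 203.0.113.5 200
2021-08-10 09:12:04 POST /autodiscover/autodiscover.xml - 203.0.113.9 401
2021-08-10 09:12:05 GET /autodiscover/autodiscover.json Email=alice%40corp.example 203.0.113.9 200
"""

# Query fragment that marks the path-confusion bypass: an Email parameter
# carrying the Autodiscover path itself followed by "?@".
EMAIL_BYPASS_RE = re.compile(
    r"(?:^|&)email=autodiscover/autodiscover\.json\?@", re.IGNORECASE)

# Backend endpoints the chain is known to reach through the bypass, mapped to
# the role they play in ProxyShell.
BACKEND_ROLES = {
    "/mapi/nspi": "NSPI lookup (harvests the target mailbox SID)",
    "/powershell": "remote PowerShell (CVE-2021-34523 token forgery, CVE-2021-31207 export)",
    "/ews/": "Exchange Web Services",
    "/ecp/": "Exchange Control Panel",
}


def parse_iis_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directive lines, or records before any header
        values = line.split(" ", len(fields) - 1)
        if len(values) != len(fields):
            continue  # truncated or malformed record
        yield dict(zip(fields, values))


def classify_backend(decoded_query):
    """Return the role of the backend a bypass query points at, or a note if unknown."""
    target = decoded_query.split("?", 1)[0].lower()  # e.g. "@evil.example/mapi/nspi/"
    for prefix, role in BACKEND_ROLES.items():
        if prefix in target:
            return role
    return "unknown backend: " + target


def find_proxyshell_requests(text):
    """Return (client_ip, method, backend_role, status) for each suspicious record."""
    findings = []
    for rec in parse_iis_log(text):
        stem = rec.get("cs-uri-stem", "").lower()
        query = unquote(rec.get("cs-uri-query", ""))  # IIS logs "-" for no query
        if not stem.endswith("/autodiscover/autodiscover.json"):
            continue
        # Either tell-tale alone is suspicious; the real chain shows both.
        if query.startswith("@") or EMAIL_BYPASS_RE.search(query):
            findings.append((rec.get("c-ip"), rec.get("cs-method"),
                             classify_backend(query), rec.get("sc-status")))
    return findings


if __name__ == "__main__":
    for ip, method, role, status in find_proxyshell_requests(SAMPLE_IIS_LOG):
        print(f"{ip} {method} -> {role} (HTTP {status})")
```

A 200 response on a flagged request means the front end forwarded it to the backend, which is the real warning sign; 4xx responses usually indicate scanning. The Exchange HttpProxy Autodiscover logs record the same requests and are worth checking alongside IIS. The check is a detection aid only; the fix is the April and May 2021 Exchange security updates.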
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Proxyshell (7 votes): ProxyShell is a chain of three vulnerabilities (tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) that affect Microsoft Exchange email servers. These vulnerabilities allow unauthenticated attackers to gain administrator access and execute remote code on unpatched servers. Discovered in
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Microsoft
Chromium
Vpn
CISA
Proxy
Blizzard
Remote Code ...
Apache
Israeli
Backdoor
Eset
Confluence
Ransomware
exploited
Apt
MGM
flaw
bugs
Vulnerability
Associated Malware
Hive (type unspecified, 2 votes): Hive is a ransomware family known for its disruptive capabilities and widespread damage. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data h
Associated Threat Actors
AlphV (type unspecified, 1 vote): AlphV, also known as BlackCat, is a significant ransomware threat actor. In 2023 it was responsible for approximately 9.7% of all leak site posts, the second-largest share of any ransomware group. It notably stole 5TB of data from Morrison Community Hospital, and it's est
Charming Kitten (type unspecified, 1 vote): Charming Kitten is a threat actor group believed to be of Iranian origin, known for advanced and sophisticated cyberattacks. The group has launched attacks against entities in Brazil, Israel, and the United Arab Emirates using a new backdoor, as reported by Securi
BlackByte (type unspecified, 1 vote): BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U
Cadet Blizzard (type unspecified, 1 vote): Cadet Blizzard, an Advanced Persistent Threat (APT) group linked to Russia's GRU military intelligence unit, was identified by Microsoft researchers. Active since at least 2020, the group has seen some recent success in its operations. Cadet Blizzard has reportedly received support from at l
Associated Vulnerabilities
CVE-2021-31207 (type unspecified, 4 votes): no profile description.
CVE-2021-34523 (type unspecified, 3 votes): no profile description.
Log4Shell (type unspecified, 2 votes): Log4Shell is a critical vulnerability in Apache Log4j, the widely used Java logging library, publicly disclosed on December 9th, 2021. The flaw affected millions of devices and applications globally, including those in Estonia. The vulnerability, officially designated as
Proxyshell Cve-2021-34473 (type unspecified, 2 votes): ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that yield unauthenticated remote code execution (RCE) in Microsoft Exchange. A significant flaw in software design and implementation, it allows unauthorized users to execute arbitra
Proxylogon (type unspecified, 2 votes): ProxyLogon is a notable Microsoft Exchange Server exploit chain that surfaced in early 2021. Its entry point is CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Exchange Server. This flaw allowed attackers to bypass authentication mechanisms and
Follina (type unspecified, 2 votes): Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. The flaw, in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou
CVE-2021-40539 (type unspecified, 1 vote): no profile description.
CVE-2018-13379 (type unspecified, 1 vote): CVE-2018-13379 is a critical path traversal vulnerability in the SSL VPN web portal of Fortinet FortiOS. Because it can expose session credentials to an unauthenticated attacker, it has been frequently exploited, making the top 15 most routinely exploited list in both 20
CVE-2021-44228 (type unspecified, 1 vote): CVE-2021-44228, also known as Log4Shell, is a critical vulnerability in the Apache Log4j software library that has been widely exploited since its discovery. The flaw allows for remote code execution, making it a prime target for malicious actors. Despite multip
Proxynotshell (type unspecified, 1 vote): ProxyNotShell is a pair of vulnerabilities in Microsoft Exchange Server, tracked as CVE-2022-41040 and CVE-2022-41082, whose active exploitation was reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t
Proxylogon Cve (type unspecified, 1 vote): no profile description.
Proxyshell Cve (type unspecified, 1 vote): no profile description.
CVE-2021-26084 (type unspecified, 1 vote): CVE-2021-26084 is a critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center. Atlassian disclosed it in August 2021, and mass exploitation followed within days of the advisory. It allowed remote attackers to execute code on a Confluence Server via injection atta
CVE-2022-41040 (type unspecified, 1 vote): CVE-2022-41040 is a software vulnerability that was discovered in late September 2022, along with another flaw, CVE-2022-41082. These two zero-day vulnerabilities were collectively known as ProxyNotShell. The vulnerabilities were exploited to compromise Microsoft Exchange through the proxy mechanism
Source Document References
Information about the CVE-2021-34473 vulnerability was read from the documents listed below (display limited to 20 results).
Source (created): Title
BankInfoSecurity (22 days ago): Active Chinese Cyberespionage Campaign Rifling Email Servers
Unit42 (22 days ago): Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
CERT-EU (5 months ago): ProxyShell-targeting Babuk Tortilla ransomware decrypted after hacker’s arrest | #ransomware | #cybercrime | National Cyber Security Consulting
Malwarebytes (10 months ago): 2022's most routinely exploited vulnerabilities—history repeats
CERT-EU (10 months ago): Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities
CERT-EU (6 months ago): GitHub - kh4sh3i/ProxyShell: CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability
CERT-EU (a year ago): Sensor Intel Series: Top CVEs in May 2023
CERT-EU (a year ago): X-Force Prevents Zero Day from Going Anywhere
BankInfoSecurity (10 months ago): Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List
CERT-EU (a year ago): Hive Ransomware? Let’s Learn All About It - Cybersecurity Insiders
DARKReading (9 months ago): Iran's Charming Kitten Pounces on Israeli Exchange Servers
Fortinet (a year ago): Meet LockBit: The Most Prevalent Ransomware in 2022 | FortiGuard Labs
CERT-EU (10 months ago): Unmasking the top exploited vulnerabilities of 2022 – GIXtools
CERT-EU (7 months ago): CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations
BankInfoSecurity (10 months ago): Patching Conundrum: 4-Year Old Flaw Again Tops Most-Hit List
Securityaffairs (23 days ago): A malware campaign exploits Microsoft Exchange Server flaws
CERT-EU (10 months ago): CISA Advisory of Top 42 Frequently Exploited Flaws of 2022
CERT-EU (4 months ago): Sensor Intel Series: Top CVEs in December 2023
CERT-EU (9 months ago): From Caribbean shores to your devices: analyzing Cuba ransomware – GIXtools
CISA (a year ago): #StopRansomware: Hive Ransomware | CISA