CVE-2021-34473

Vulnerability updated 23 days ago (2024-11-29T14:37:52.747Z)
Download STIX
Preview STIX
CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to gain unauthorized access, take control of an unpatched server, and execute malicious activities. The exploitation of these vulnerabilities has been frequently reported, making them some of the most routinely exploited bugs, second only to the Fortinet SSL VPN vulnerability (CVE-2018-13379). Threat actors have effectively used the ProxyShell vulnerabilities to infiltrate victims' infrastructures. Specifically, they have leveraged these flaws to inject an info stealer into the Microsoft Exchange Server. The combination of these three vulnerabilities has been identified as one of the most common attack vectors targeting Microsoft Exchange servers. Notably, the ProxyShell vulnerabilities were among the most exploited vulnerabilities last year, following the Fortinet SSL VPN vulnerability. Several protective measures have been put in place to guard against these threats. For instance, Check Point IPS provides protection against this threat, including the Microsoft Exchange Server Security Feature Authentication Bypass (CVE-2021-31207) and the Microsoft Exchange Server Remote Code Execution (CVE-2021-34473). Despite these protective measures, various threat actors, including Cadet Blizzard, have continued to exploit these vulnerabilities, often alongside other flaws such as the Atlassian Confluence bug (CVE-2021-26084) and Log4Shell (CVE-2021-44228).
Description last updated: 2024-05-22T19:16:21.365Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Proxyshell is a possible alias for CVE-2021-34473. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT ac
8
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Microsoft
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Hive Malware is associated with CVE-2021-34473. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostagUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The APT40 Threat Actor is associated with CVE-2021-34473. APT40, a threat actor attributed to China, is a cyber espionage group that primarily targets countries of strategic importance to the Belt and Road Initiative. The group is known for its use of a variety of attack vectors, notably spear-phishing emails posing as individuals likely to be of interest Unspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2021-31207 Vulnerability is associated with CVE-2021-34473. CVE-2021-31207 is a significant software vulnerability that has been exploited by APT40, a group known for rapidly taking advantage of newly public vulnerabilities in widely used software. This particular vulnerability affects Atlassian Confluence and Microsoft Exchange, among other platforms, and aUnspecified
5
The vulnerability CVE-2021-34523 is associated with CVE-2021-34473. Unspecified
3
The Proxylogon Vulnerability is associated with CVE-2021-34473. ProxyLogon is a serious software vulnerability, specifically an exploit chain in Microsoft Exchange Server. The chain includes CVE-2021-26855, a server-side request forgery (SSRF) vulnerability that allows attackers to bypass authentication and impersonate users, along with other vulnerabilities sucUnspecified
3
The CVE-2021-44228 Vulnerability is associated with CVE-2021-34473. CVE-2021-44228, also known as the Log4Shell vulnerability, is a significant flaw in Apache's Log4j software. Disclosed in December 2021, it quickly became one of the most severe bugs due to its widespread usage and potential for exploitation. Various Advanced Persistent Threat (APT) actors attemptedUnspecified
3
The Follina Vulnerability is associated with CVE-2021-34473. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product,Unspecified
2
The Log4Shell Vulnerability is associated with CVE-2021-34473. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorizedUnspecified
2
The Proxyshell Cve-2021-34473 Vulnerability is associated with CVE-2021-34473. ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitraUnspecified
2
Source Document References
Information about the CVE-2021-34473 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
a month ago
InfoSecurity-magazine
3 months ago
Securelist
4 months ago
Securityaffairs
5 months ago
CISA
5 months ago
BankInfoSecurity
7 months ago
Unit42
7 months ago
Securityaffairs
7 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
MITRE
a year ago
MITRE
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
Trend Micro
a year ago
DARKReading
a year ago