Proxynotshell

Vulnerability updated 23 days ago (2024-11-29T13:31:51.492Z)
Download STIX
Preview STIX
ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint to exploit another related vulnerability, CVE-2022-41040. These vulnerabilities were part of a series of security issues with Microsoft Exchange Server that have been problematic since 2021, including ProxyLogon and ProxyShell. However, a new exploit method known as OWASSRF has emerged, which bypasses mitigations previously provided by Microsoft for ProxyNotShell. Unlike ProxyNotShell, OWASSRF uses the OWA frontend endpoint to exploit yet another vulnerability, CVE-2022-41080. This development showcases the evolving capabilities of threat actors who continue to augment their toolbox with new tools and exploits, including ProxyNotShell, OWASSRF, and a remote code execution vulnerability in Microsoft Exchange Server. The Play group, a cyber threat actor, often gains initial access to victim networks by abusing valid accounts and exploiting public-facing applications. They have been known to exploit vulnerabilities in FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (ProxyNotShell CVE-2022-41040 and CVE-2022-41082). Notably, the ProxyNotShell vulnerability cannot be easily patched, similar to other highly exploitable vulnerabilities like Log4j. Thus, it remains a significant concern in the cybersecurity landscape.
Description last updated: 2024-05-04T16:28:31.720Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
CVE-2022-41082 is a possible alias for Proxynotshell. CVE-2022-41082 is a critical software vulnerability discovered in Microsoft Exchange Servers, which allows for Remote Code Execution (RCE). This flaw is one of two zero-day vulnerabilities found, the other being CVE-2022-41040. The RCE vulnerability presents a significant threat as it enables attack
7
CVE-2022-41040 is a possible alias for Proxynotshell. CVE-2022-41040 is a software vulnerability that was discovered in late September 2022, along with another flaw, CVE-2022-41082. These two zero-day vulnerabilities were collectively known as ProxyNotShell. The vulnerabilities were exploited to compromise Microsoft Exchange through the proxy mechanism
6
CVE-2022-41080 is a possible alias for Proxynotshell. CVE-2022-41080 is a significant software vulnerability identified in 2022, specifically a flaw in the design or implementation of Microsoft Exchange Server. This vulnerability enables Server-Side Request Forgery (SSRF), potentially allowing malicious actors to manipulate server requests and execute
4
Owassrf is a possible alias for Proxynotshell. OWASSRF is a software vulnerability that presents a significant security risk to Microsoft Exchange Server systems. It's an exploit method that bypasses ProxyNotShell vulnerability mitigations, allowing for remote code execution on vulnerable servers through Outlook Web Access. This vulnerability ha
4
Proxyshell is a possible alias for Proxynotshell. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT ac
3
Proxylogon is a possible alias for Proxynotshell. ProxyLogon is a serious software vulnerability, specifically an exploit chain in Microsoft Exchange Server. The chain includes CVE-2021-26855, a server-side request forgery (SSRF) vulnerability that allows attackers to bypass authentication and impersonate users, along with other vulnerabilities suc
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Vulnerability
Exploits
Ransomware
Fortios
Zero Day
Microsoft
Remote Code ...
Log4j
RCE (Remote ...
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The vulnerability CVE-2020-12812 is associated with Proxynotshell. Unspecified
2
The CVE-2018-13379 Vulnerability is associated with Proxynotshell. CVE-2018-13379 is a critical vulnerability that affects FortiOS and Fortiguard, presenting a flaw in their software design or implementation. This specific vulnerability, which can expose sensitive credentials, has been frequently exploited, making the top 15 most routinely exploited list in both 20Unspecified
2
The Follina Vulnerability is associated with Proxynotshell. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product,Unspecified
2
The CVE-2023-32031 Vulnerability is associated with Proxynotshell. CVE-2023-32031 is a significant software vulnerability discovered in Microsoft's Exchange server. The flaw lies within the software's design or implementation and allows for remote code execution. This vulnerability could enable authenticated attackers on the Exchange server to execute malicious codUnspecified
2
The vulnerability CVE-2023-28310 is associated with Proxynotshell. Unspecified
2
Source Document References
Information about the Proxynotshell Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
Malwarebytes
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CrowdStrike
a year ago
CrowdStrike
a year ago
CERT-EU
a year ago
Checkpoint
2 years ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Unit42
2 years ago
CERT-EU
a year ago
CERT-EU
2 years ago
Krebs on Security
2 years ago
Securelist
2 years ago