Full title: Microsoft Exchange Server Unpublished Pre-Authentication Remote Code Execution Exploit 
Category: remote exploits
Platform: windows
[Description]
First, IT&#039;S NOT PROXYLOGON. IT&#039;S NOT PROXYLOGON. IT&#039;S NOT PROXYLOGON. 
It&#039;s an unpublished vulnerability found by myself. It&#039;s not exploited in the wild and there&#039;s no exploit code on the Internet.

[About The Vulnerability]
It&#039;s a exploit chain utilizing pre-auth SSRF + post-auth EoP + post-auth file write to achieve pre-auth RCE on Exchange Server. The corresponding CVE numbers are:
- CVE-2021-28480, CVSS score 10
- CVE-2021-28481, CVSS score 10
- CVE-2021-28482, CVSS score 9

This exploit chain is not memory corruption bug so it&#039;s stable, easy to use, and no privilege required, the only limit is you must provide one victim&#039;s email as argument.

[Affect Versions]
- Exchange Server 2019 &lt; 15.02.0858.010
- Exchange Server 2019 &lt; 15.02.0792.013
- Exchange Server 2016 &lt; 15.01.2242.008
- Exchange Server 2016 &lt; 15.01.2176.012
- Exchange Server 2013 &lt; 15.00.1497.015

Video: https://0day.today/videos/36585.mp4

# 0day.today @ http://0day.today/