1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Microsoft Exchange Server Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2021-26855 Mappings

Microsoft Exchange Server Remote Code Execution Vulnerability

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability secondary_impact T1005 Data from Local System
Comments
CVE-2021-26855, also known as ProxyLogon, allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server. The vulnerability exploits the Exchange Control Panel (ECP) via a Server-Side Request Forgery (SSRF). This would also allow the attacker to gain access to mailboxes and read sensitive information.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-062a
CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability secondary_impact T1505.003 Web Shell
Comments
CVE-2021-26855, also known as ProxyLogon, allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server. The vulnerability exploits the Exchange Control Panel (ECP) via a Server-Side Request Forgery (SSRF). This would also allow the attacker to gain access to mailboxes and read sensitive information.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-062a
CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability primary_impact T1090 Proxy
Comments
CVE-2021-26855 allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server. The vulnerability exploits the Exchange Control Panel (ECP) via a Server-Side Request Forgery (SSRF). This would also allow the attacker to gain access to mailboxes and read sensitive information.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-062a
CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability exploitation_technique T1133 External Remote Services
Comments
CVE-2021-26855 allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server. The vulnerability exploits the Exchange Control Panel (ECP) via a Server-Side Request Forgery (SSRF). This would also allow the attacker to gain access to mailboxes and read sensitive information.
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-062a