CVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 09, 2021
- Published Date
- July 14, 2021
- Last Updated
- February 04, 2025
- Vendor
- Microsoft
- Product
- Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8
- Description
- Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Scores
CVSS v3.1
9.1 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/exchange_proxyshell_rce.rb | 2025-04-29 11:01:37 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-34473.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ipsBruno/CVE-2021-34473-NMAP-SCANNER
Type: github • Created: 2022-11-16 08:22:29 UTC • Stars: 2
A massive scanner for CVE-2021-34473 Microsoft Exchange Windows Vulnerability
je6k/CVE-2021-34473-Exchange-ProxyShell
Type: github • Created: 2021-11-22 07:47:09 UTC • Stars: 17
对Exchange Proxyshell 做了二次修改,精确的拆分、实现辅助性安全测试。
p2-98/CVE-2021-34473
Type: github • Created: 2021-08-16 11:27:13 UTC • Stars: 30
CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability
RaouzRouik/CVE-2021-34473-scanner
Type: github • Created: 2021-08-11 12:20:07 UTC • Stars: 6
Scanner for CVE-2021-34473, ProxyShell, A Microsoft Exchange On-premise Vulnerability