Microsoft has released a patch for a highly severe Exchange Server vulnerability in its November 2021 Patch Tuesday. This vulnerability can allow authenticated attackers to execute codes remotely on vulnerable servers. The CVE-2021-42321 security issue is caused by inappropriate validation of command-let (cmdlet) parameters. To execute this vulnerability, the attacker needs to be authenticated. This vulnerability only affects on-premises Microsoft Exchange servers, including those used by users in Exchange Hybrid … Continue reading “Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability (CVE-2021-42321)”
Tag: Authenticated RCE
Wing FTP Server Remote Code Execution Vulnerability
Overview: Recently, an authenticated RCE vulnerability was found in the Wing FTP Server. This vulnerability allows authenticated remote attackers to execute arbitrary commands on the targeted server. On Shodan, we observed more than 150 devices that are publicly available on the internet, which may be vulnerable. … Continue reading “Wing FTP Server Remote Code Execution Vulnerability”
VMware Cloud Director Remote Code Execution Vulnerability
On May 19,2020 VMware released an advisory to address Remote Code Execution vulnerability in VMware Cloud Director. CVE-2020-3956 has assigned to track this vulnerability. vCloud Director VMware Cloud Director (formerly known as vCloud Director) is a popular deployment, automation, and management software that’s used to operate and manage cloud resources, allowing businesses to data centers distributed … Continue reading “VMware Cloud Director Remote Code Execution Vulnerability”