ProxyShell – A New Attack Surface on Microsoft Exchange Server (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)

The Proxyshell vulnerability was discovered by Orange Tsai, a security researcher at Devcore, in the  Pwn2Own hacking contest, April 2021. ProxyShell is chained with three bugs – CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. CVE-2021-34473: Pre-auth Path Confusion that leads to ACL bypass CVE-2021-34523: Elevation of Privilege on Exchange PowerShell Backend CVE-2021-31207: Post-auth Arbitrary-File-Write leads to Remote Code … Continue reading “ProxyShell – A New Attack Surface on Microsoft Exchange Server (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)”