CVE-2021-26857
Microsoft Exchange Server remote deserialization vulnerability is part of the ProxyLogon chain. It allows privilege escalation and remote code execution.
Vulnerability Profile
CVSS Score
8.8 / 10.0
Severity
High
Exploitation Status
⚠ Active Exploitation
Patch Status
✓ Patch Available
Affected Software
Microsoft Exchange Server 2013/2016/2019
Exploitation Method
Deserialization RCE
MITRE ATT&CK
T1059 - Command and Scripting Interpreter
CVE-2021-26857 Microsoft Exchange Unified Messaging servisi deserialization acigi. SYSTEM yetkisinde kod yurutmeyi mumkun kiliyor. ProxyLogon zincirine (CVE-2021-26855) baglidir.