Önder Online

CVE-2021-34473 Exchange Server Vulnerability Detection

git clone https://github.com/certat/exchange-scans.git

$ python3 scan.py --path '/autodiscover/autodiscover.json?@itpro.com.tr/owa/?&Email=autodiscover/autodiscover.administrator%3F@xxx.com.tr' \
--scheme 'https://' \
--patched $(date -Id)-patched.txt \
--unknown $(date -Id)-unknown.txt \
CVE-2021-34473 exchange-ips-at.txt $(date -Id)-vulnerable.txt

 

Output

cat 2021-11-28-patched.txt
"xxxxx","2021-11-28T18:07:52+00:00","15.1.1261","Exchange Server 2016 CU7

 

Affected Systems

The following systems are reported to be affected:

  • Microsoft Exchange Server 2019 Cumulative Update 9
  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2013 Cumulative Update 8
  • Microsoft Exchange Server 2016 Cumulative Update 19
  • Microsoft Exchange Server 2019 Cumulative Update 20

 

Recommended Solutions

Installing the updates listed in the table below is recommended.

Product | Article | Security Patch
Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 | Security Update
Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 | Security Update
Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 | Security Update
Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 | Security Update
Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 | Security Update

The required update advisory is also published at the following address.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473

 

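To check your Exchange server's status for the related vulnerability, you can get information with the command nmap --script http-vuln-cve2021-26855.nse x.x.x.x. Note that this NSE script tests for CVE-2021-26855, a separate Exchange SSRF vulnerability, as its output states; it does not test for CVE-2021-34473. In the sample output the host is reported as vulnerable.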

 

nmap --script http-vuln-cve2021-26855.nse x.x.x.x
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-28 13:27 EST
Nmap scan report for mail.x.x.xx. (x.x.x.x)
Host is up (0.016s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
| http-vuln-cve2021-26855:
| VULNERABLE:
| Exchange Server SSRF Vulnerability
| State: cevi
| IDs: CVE:CVE-2021-26855
| Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010 are vulnerable to a SSRF via the X-AnonResource-Backend and X-BEResource cookies.
|
| Disclosure date: 2021-03-02
| References:
| http://aka.ms/exchangevulns
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26855
587/tcp open submission
4444/tcp open krb524
8443/tcp open https-alt

Nmap done: 1 IP address (1 host up) scanned in 5.42 seconds
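
The build thresholds printed in the script output above can also be applied offline to build numbers collected in an inventory. The following is an added example, not part of the original post, scan.py or the nmap script; the function names and sample rows are constructed, and the CSV column order is assumed from the patched.txt line shown earlier.

```python
import csv

# First fixed revision per CU branch, copied from the http-vuln-cve2021-26855
# output above: (major, minor, build) -> revision.
FIXED = {
    (15, 0, 1497): 12,  # Exchange 2013
    (15, 1, 2106): 13,  # Exchange 2016 CU18
    (15, 1, 2176): 9,   # Exchange 2016 CU19
    (15, 2, 721): 13,   # Exchange 2019 CU7
    (15, 2, 792): 10,   # Exchange 2019 CU8
}

def parse_build(text):
    """'15.01.2106.013' -> (15, 1, 2106, 13); a missing revision becomes None."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) not in (3, 4):
        raise ValueError(f"unexpected build string: {text!r}")
    return tuple(parts) + (None,) * (4 - len(parts))

def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one build string."""
    major, minor, build, rev = parse_build(text)
    fixed_rev = FIXED.get((major, minor, build))
    if fixed_rev is not None:
        if rev is None:
            return "unknown"  # three-part build: the revision decides
        return "vulnerable" if rev < fixed_rev else "patched"
    if (major, minor) == (15, 0) and build < 1497:
        return "vulnerable"  # output: all Exchange 2013 versions below the fix
    return "unknown"  # CU branch not named in the output

def classify_inventory(lines):
    """Map host -> status for CSV rows of host, timestamp, build, product
    (column order assumed from the patched.txt line shown earlier)."""
    return {row[0]: classify(row[2]) for row in csv.reader(lines) if len(row) >= 3}

# Constructed sample rows, not real scan results.
SAMPLE = [
    '"mx1.example.test","2021-11-28T18:07:52+00:00","15.1.2106.2","Exchange Server 2016 CU18"',
    '"mx2.example.test","2021-11-28T18:07:52+00:00","15.2.792.10","Exchange Server 2019 CU8"',
    '"mx3.example.test","2021-11-28T18:07:52+00:00","15.1.1261","Exchange Server 2016 CU7"',
    '"mx4.example.test","2021-11-28T18:07:52+00:00","15.0.1473.3","Exchange Server 2013"',
]

if __name__ == "__main__":
    for host, status in classify_inventory(SAMPLE).items():
        print(f"{host}\t{status}")
```

A result of "unknown" means the thresholds quoted in the output cannot decide the case, either because the revision is missing or because the CU branch is not listed; it does not mean the host is safe.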