Microsoft Exchange Server Server-Side Request Forgery Vulnerability

Strike ID:
E23-eq6o1
CVSS:
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
10
Year:
2022

Description

This strike exploits a server-side request forgery vulnerability in Microsoft Exchange Server. The vulnerability is due to insufficient handling of requests to the autodiscover component of Exchange. An authenticated, remote attacker can exploit this vulnerability by sending a crafted request to the vulnerable Exchange server. Successful exploitation results in requests being made to backend servers. *NOTE: This strike sends a request to /mapi/nspi/ or ews/exchange.asmx which are inaccessible by default. In one-arm mode we use the authorization Administrator:Password1

CVE

References