Source |
LogPoint |
Identifiant |
7316768 |
Date de publication |
2022-10-06 08:15:46 (vue: 2022-10-06 09:07:51) |
Titre |
ProxyNotShell: Detecting exploitation of zero-day Exchange server vulnerabilities |
Texte |
>by Bhabesh Raj Rai, Security ResearchOn September 29, 2022, Microsoft confirmed reports of adversaries exploiting two zero-day vulnerabilities that affect Microsoft Exchange servers: CVE-2022-41040 (CVSSv3 score of 6.3) and CVE-2022-41082(CVSSv3 score of 8.8). The former is a Server-Side Request Forgery (SSRF) vulnerability, while the latter allows remote code execution (RCE) when PowerShell is accessible to [...]
|
Envoyé |
Oui |
Condensat |
2022 41040 41082 >by accessible adversaries affect allows bhabesh code confirmed cve cvssv3 day detecting exchange execution exploitation exploiting forgery former latter microsoft powershell proxynotshell: rai raj rce remote reports request researchon score security september server servers: side ssrf two vulnerabilities vulnerability when zero |
Tags |
|
Stories |
|
Notes |
|
Move |
|