{
  "Name": "Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)",
  "Description": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.",
  "Product": "Microsoft-Exchange-Server",
  "Homepage": "https://msrc.microsoft.com",
  "DisclosureDate": "2021-07-14",
  "Author": "go0p",
  "GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/Microsoft/Exchange/CVE-2021-34473/Microsoft_Exchange_Server_Remote_Code_Execution_Vulnerability_CVE-2021-34473.gif",
  "FofaQuery": "app=\"Microsoft-Exchange\"",
  "GobyQuery": "",
  "Level": "3",
  "Impact": "",
  "Recommendation": "Users can refer to the security bulletins provided by the following vendors to obtain patch information: https://msrc.microsoft.com/update-guide/en-US/vulnerability/",
  "Translation": {
    "CN": {
      "Description": "Microsoft Exchange Server是Microsoft开发的邮件服务器和日历服务器。 Microsoft Exchange Server存在远程代码执行漏洞。攻击者可利用该漏洞实现远程代码执行。",
      "Impact": "Impact",
      "Name": "Microsoft Exchange Server远程代码执行漏洞（CNVD-2021-51485）",
      "Product": "Microsoft Exchange Server",
      "Recommendation": "厂商已发布了漏洞修复程序，请及时关注更新： https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473"
    }
  },
  "References": null,
  "RealReferences": [
    "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html",
    "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34473",
    "https://www.zerodayinitiative.com/advisories/ZDI-21-821/",
    "https://nvd.nist.gov/vuln/detail/CVE-2021-34473",
    "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473"
  ],
  "HasExp": true,
  "ExpParams": [
	{
	  "name": "Mode",
	  "type": "select",
	  "value": "GetShell,Exec_Ps"
	},
	{
	  "name": "Exec",
	  "type": "input",
	  "value": "Get-User",
      "show": "Mode=Exec_Ps"
	}
  ],
  "ExpTips": {
    "Type": "",
    "Content": ""
  },
  "ScanSteps": null,
  "ExploitSteps": null,
  "Tags": ["getshell"],
  "CVEIDs": [
    "CVE-2021-34473"
  ],
  "CVSSScore": "9.8",
  "CNVDIDs": [
    "CNVD-2021-51485"
  ],
  "CNNVDIDs": null,
  "AttackSurfaces": {
    "Application": ["Microsoft-Exchange"],
    "Support": null,
    "Service": null,
    "System": null,
    "Hardware": null
  },
  "Disable": false
}