Microsoft Exchange ProxyNotShell Remote Code Execution

Posted by deepcore on December 1, 2022 – 4:21 pm

Last Updated on December 1, 2022 by deepcore

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« perfSONAR 4.4.4 Open Proxy / Relay OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Microsoft Exchange ProxyNotShell Remote Code Execution

Post a reply

Tabs Switcher

Archives

Meta

BLOGROLL