Yupy Syntax

CVE-2021-34473 - Write Up


CVE-2021-34473 WriteUps

Haii!! How are you?!!

This time I will share an article about findings I found on a website that is vulnerable to the CVE-2021-34473 vulnerability. Okay, let’s get straight to it.

Vulnerability Details:

The CVE-2021-34473 vulnerability in Microsoft Exchange Server is a flaw in URL normalization that allows unauthorized access to specific backend URLs, with the request executed under the Exchange Server machine account. While this vulnerability may not be as impactful as the Server-Side Request Forgery (SSRF) found in ProxyLogon, it still enables manipulation of the URL path, providing the opportunity for further exploitation and access to backend resources.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Proof of Concept (PoC):

Here is a request path that can be used to check whether a target is affected by CVE-2021-34473.

https://xxx.xxx.xxx.xxx/autodiscover/autodiscover.json?@foo.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3f@foo.com

When I use this script, it can be seen that this target is vulnerable to CVE-2021-34473.
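
For defenders, the request shape shown above can be hunted for in web server logs. The following Python is an added example, not code from the original post: it assumes IIS W3C-format logs, and the sample log lines, IP addresses, mailbox names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt: documentation IPs and made-up mailboxes.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-08-10 09:14:02 POST /autodiscover/autodiscover.xml - 198.51.100.7 200
2021-08-10 09:14:05 GET /autodiscover/autodiscover.json Email=alice@example.org&Protocol=ActiveSync 198.51.100.7 200
2021-08-10 09:15:41 GET /autodiscover/autodiscover.json @foo.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3f@foo.com 203.0.113.50 200
2021-08-10 09:15:43 GET /Autodiscover/Autodiscover.json a=b@foo.com/mapi/nspi/&Email=Autodiscover/Autodiscover.json%253F@foo.com 203.0.113.50 302
"""

# Email parameter that points back at the autodiscover endpoint itself.
EMAIL_SELF_REF = re.compile(r"[?&]email=/?autodiscover/autodiscover\.json")
# An '@domain' token followed by a further path segment (e.g. '@foo.com/mapi/').
PATH_AFTER_AT = re.compile(r"autodiscover\.json\S*?@[^/?&\s]+/[^?&\s]")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %3f and %253f normalise to the same text."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(stem, query):
    """True when a request matches the path-confusion shape from the write-up."""
    url = fully_decode(f"{stem}?{query}").lower()
    if "autodiscover/autodiscover.json" not in url:
        return False
    return bool(EMAIL_SELF_REF.search(url) or PATH_AFTER_AT.search(url))

def scan(log_text):
    """Return (date, time, client IP, status) for each suspicious log entry."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            if is_suspicious(row.get("cs-uri-stem", ""), row.get("cs-uri-query", "")):
                hits.append((row.get("date"), row.get("time"), row.get("c-ip"), row.get("sc-status")))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A hit shows that the request was attempted, not that it succeeded; the logged status code and the server's patch level still need to be checked.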

Tips

  • Conduct Research to Find Valid Email Addresses: Start by digging up information about the target to find a valid email address. This can be done through various methods such as searching on social media, official websites, or using special tools that help in this process.

  • Use Brute Force If You Can’t Find an Email: If manual searching doesn’t give results, you can try the brute force method by using the list of email addresses you have. This process tries all possibilities in the list until you find a valid one.

  • Brute Force SID If Automated Exploitation Doesn’t Work: On some targets, automated exploitation may not work properly. In such cases, you can try the brute force method on the SID (Security Identifier). Try to find the correct SID, for example by changing SID=500 on the target, until you get the desired access.

Impact:

The impact of the CVE-2021-34473 vulnerability in Microsoft Exchange Server is significant. Here are the potential consequences:

  1. Remote Code Execution (RCE): This vulnerability can allow an attacker to execute arbitrary code on the Exchange Server, potentially taking full control of the affected system.
  2. Privilege Escalation: By exploiting the vulnerability, attackers can operate under the privileges of the Exchange Server machine account, potentially gaining elevated access within the network.

References: