Severity
High
Analysis Summary
The following CVEs are being actively exploited in the wild by threat actors. Immediate action is suggested.
CVE-2021-26855:
A server-side request forgery (SSRF) vulnerability in Exchange Server
CVE-2021-26857:
An insecure deserialization vulnerability in the Unified Messaging service
CVE-2021-26858:
A post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-27065:
A post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-22893:
The zero-day Pulse Connect Secure authentication bypass vulnerability allows an attacker to run arbitrary code on the Pulse Connect Secure Gateway. A remote, unauthenticated attacker can send a specially crafted HTTP request to the victim to exploit the vulnerability and gain access to the target system.
CVE-2021-22894:
Pulse Connect Secure is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim to connect to a maliciously-crafted meeting room, a remote authenticated attacker could overflow a buffer and execute arbitrary code with root privileges on the system.
CVE-2021-22899:
Pulse Connect Secure could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw. By using the Windows Resource Profiles feature, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2021-22900:
Pulse Connect Secure could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the administrator web interface. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2021-27101:
Accellion File Transfer Appliance is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the document_root.html script using a specially crafted Host header, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2021-27102:
Accellion File Transfer Appliance could allow a remote attacker to execute arbitrary commands on the system. By using a local web service call, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2021-27103:
Accellion File Transfer Appliance is vulnerable to server-side request forgery. By sending a specially crafted POST request to wmProgressstat.html, an attacker could exploit this vulnerability to conduct an SSRF attack.
CVE-2021-27104:
Accellion File Transfer Appliance could allow a remote attacker to execute arbitrary commands on the system. By sending a specially crafted POST request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2021-21985:
The vSphere Client (HTML5) contains a remote code execution vulnerability due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
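A defensive check tied to the CVE-2021-27101 entry above, which describes crafted Host headers sent to document_root.html: this added Python example (not part of the advisory or of any vendor tooling) flags logged requests to that script whose Host header is not a syntactically valid hostname. The log layout, the request path and every sample line are constructed assumptions.

```python
import re

# Assumed access-log layout (not from the advisory): combined-style fields with
# the request's Host header appended as a final quoted field.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<host>.*)"$'
)

# Strict Host grammar: DNS name or IPv4 literal with an optional port.
# Bracketed IPv6 literals are deliberately rejected; add them if they are in use.
LABEL = r'[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
HOST_RE = re.compile(rf'^{LABEL}(?:\.{LABEL})*(?::\d{{1,5}})?$')

WATCHED = "document_root.html"  # script named in the CVE-2021-27101 entry


def host_is_wellformed(host):
    """True only for a plain hostname[:port]; quotes, spaces etc. fail."""
    return len(host) <= 255 and HOST_RE.fullmatch(host) is not None


def scan(lines):
    """Return (line_no, reason, detail) for every line that needs review."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.rstrip("\n"))
        if m is None:
            # Unparseable lines are reported, never silently skipped.
            findings.append((n, "unparsed", line.strip()))
            continue
        path = m["path"].split("?", 1)[0]
        if path.endswith("/" + WATCHED) and not host_is_wellformed(m["host"]):
            findings.append((n, "malformed-host", m["client"]))
    return findings


# Constructed sample lines (documentation IP ranges, placeholder hostnames).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2021:10:00:00 +0000] "GET /document_root.html HTTP/1.1" 200 512 "fta.example.test"',
    '203.0.113.9 - - [01/Jan/2021:10:00:05 +0000] "GET /document_root.html HTTP/1.1" 200 512 "fta.example.test\' constructed-non-hostname-text"',
    '198.51.100.7 - - [01/Jan/2021:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 100 "fta.example.test:443"',
    'truncated or corrupted line',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit is a lead for review, not proof of exploitation; correlate it with the patch state of the appliance.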
Impact
- Data Manipulation
- Remote Code Execution
- Data Breach
- Unauthorized Access
Affected Vendors
Microsoft
Pulse Secure
VMware
Accellion
Affected Products
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
- Pulse Connect Secure 9.1RX
- Pulse Connect Secure 9.0RX
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
- Pulse Secure Pulse Connect Secure 9.0R3
- Pulse Secure Pulse Connect Secure 9.0RX
- Pulse Secure Pulse Connect Secure 9.1RX
- Pulse Secure Pulse Connect Secure 9.1R1
- Accellion File Transfer Appliance 9_12_370
Remediation
Refer to the CISA advisory for more updates on the affected products and their respective patches.