GET major difference between the two vulnerability sets is that authenticated access to the vulnerable Exchange Server is needed to successfully exploit the device. CVE-2022-41040 can be exploited using a GET query much like ProxyShell. It appears that the measures used to resolve the ProxyShell vulnerabilities (a collective name for three related Microsoft Exchange vulnerabilities: CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) were not entirely successful.Īs with that collection, these new vulnerabilities need to be chained in order to work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |