Security News > 2022 > October > ProxyNotShell – the New Proxy Hell?

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution when PowerShell is available to unidentified attackers.

Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to the one used in the 2021 ProxyShell attack that exploited the combination of multiple vulnerabilities - CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207 - to permit a remote actor to execute arbitrary code.

Despite the potential severity of attacks using them, ProxyShell vulnerabilities are still on CISA's list of top 2021 routinely exploited vulnerabilities.

Recorded on September 19, 2022, CVE-2022-41082 is an attack vector targeting Microsoft's Exchange Servers, enabling attacks of low complexity with low privileges required.

The chained vulnerabilities could grant an outsider attacker the ability to read emails directly off an organization's server the ability to breach the organization with CVE-2022-41040 Remote Code Execution and implant malware on the organization's Exchange Server with CVE-2022-41082.

A ProxyNotShell attack vector has been added to the advanced scenarios templates, and running it on your environment yields the necessary information to validate exposure - or lack thereof - to ProxyNotShell.

News URL

https://thehackernews.com/2022/10/proxynotshell-new-proxy-hell.html