Security News > 2022 > October > ProxyNotShell – the New Proxy Hell?

ProxyNotShell – the New Proxy Hell?
2022-10-04 08:05

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution when PowerShell is available to unidentified attackers.

Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to the one used in the 2021 ProxyShell attack that exploited the combination of multiple vulnerabilities - CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207 - to permit a remote actor to execute arbitrary code.

Despite the potential severity of attacks using them, ProxyShell vulnerabilities are still on CISA's list of top 2021 routinely exploited vulnerabilities.

Recorded on September 19, 2022, CVE-2022-41082 is an attack vector targeting Microsoft's Exchange Servers, enabling attacks of low complexity with low privileges required.

The chained vulnerabilities could grant an outsider attacker the ability to read emails directly off an organization's server the ability to breach the organization with CVE-2022-41040 Remote Code Execution and implant malware on the organization's Exchange Server with CVE-2022-41082.

A ProxyNotShell attack vector has been added to the advanced scenarios templates, and running it on your environment yields the necessary information to validate exposure - or lack thereof - to ProxyNotShell.


News URL

https://thehackernews.com/2022/10/proxynotshell-new-proxy-hell.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-10-03 CVE-2022-41082 Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
low complexity
microsoft CWE-502
8.0
2022-10-03 CVE-2022-41040 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
network
low complexity
microsoft CWE-918
8.8
2021-07-14 CVE-2021-34523 Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Elevation of Privilege Vulnerability
local
low complexity
microsoft CWE-287
critical
9.0
2021-07-14 CVE-2021-34473 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-918
critical
9.1
2021-05-11 CVE-2021-31207 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019
Microsoft Exchange Server Security Feature Bypass Vulnerability
network
high complexity
microsoft CWE-434
6.6