CVE-2021-33766

HIGH KEV NUCLEI

Microsoft Exchange Server - Info Disclosure

Title source: llm

Description

Microsoft Exchange Server Information Disclosure Vulnerability

Exploits (3)

nomisec WORKING POC 49 stars
by bhdresh · poc
https://github.com/bhdresh/CVE-2021-33766
nomisec WORKING POC 11 stars
by demossl · remote
https://github.com/demossl/CVE-2021-33766-ProxyToken
patchapalooza WORKING POC
by bhdresh · remote
https://github.com/bhdresh/CVE-2021-33766-ProxyToken

Nuclei Templates (1)

Microsoft Exchange - Authentication Bypass
HIGH VERIFIED by daffainfo
Shodan: vuln:cve-2021-26855 || http.favicon.hash:1768726119 || http.title:"outlook" || cpe:"cpe:2.3:a:microsoft:exchange_server"
FOFA: title="outlook" || icon_hash=1768726119

Scores

CVSS v3 7.3
EPSS 0.9361
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CISA KEV 2022-01-18
VulnCheck KEV 2021-12-21
InTheWild.io 2021-12-21
ENISA EUVD EUVD-2021-20443
Status published
Products (3)
microsoft/exchange_server 2013 cumulative_update_23
microsoft/exchange_server 2016 cumulative_update_19 (2 CPE variants)
microsoft/exchange_server 2019 cumulative_update_8 (2 CPE variants)
Published Jul 14, 2021
KEV Added Jan 18, 2022
Tracked Since Feb 18, 2026