fortiguard.fortinet.com Open in urlscan Pro
154.52.1.42  Public Scan

Submitted URL: http://www.fortinet.com/ids/VID50584
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/50584
Submission: On December 17 via api from TR — Scanned from IL

Form analysis 2 forms found in the DOM

GET /search

<form action="/search" method="get" class="form-check d-none ng-pristine ng-valid">
  <span class="search_flat">
    <label for="search_field_header" class="visually-hidden" id="label-search_field-header">Search</label>
    <input id="search_field_header" type="text" class="search_field" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
    <button type="submit" value=" " class="btn btn-sm" aria-label="Submit your search">
      <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32921" alt="search">
    </button>
    <div class="global_search-popup">
      <fieldset>
        <legend class="visually-hidden">Please select any available option</legend>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="all_home" class="form-check-input search-input-option" value="1" checked="checked" aria-checked="true">
          <label class="form-check-label search-input-label" for="all_home"> Normal </label>
        </div>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="exact_home" class="form-check-input search-input-option" value="2">
          <label class="form-check-label search-input-label" for="exact_home"> Exact Match </label>
        </div>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="cve_home" class="form-check-input search-input-option" value="3">
          <label class="form-check-label search-input-label" for="cve_home"> CVE </label>
        </div>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="threat_home" class="form-check-input search-input-option" value="4">
          <label class="form-check-label search-input-label" for="threat_home"> ID </label>
        </div>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="psirt_home" class="form-check-input search-input-option" value="6">
          <label class="form-check-label search-input-label" for="psirt_home"> PSIRT </label>
        </div>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="repms_home" class="form-check-input search-input-option" value="8">
          <label class="form-check-label search-input-label" for="repms_home"> Antispam </label>
        </div>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="outbreak-alert_home" class="form-check-input search-input-option" value="9">
          <label class="form-check-label search-input-label" for="outbreak-alert_home"> Outbreak Alert </label>
        </div>
        <div class="form-check search-popup-item">
          <input type="radio" name="engine" id="url_home" class="form-check-input search-input-option" value="7">
          <label class="form-check-label search-input-label" for="url_home"> IP/Domain/URL </label>
        </div>
      </fieldset>
    </div>
  </span>
</form>

GET /search

<form action="/search" method="get" class="mobile-search-form col-12  ng-pristine ng-valid">
  <div class="input-group">
    <select class="form-select" name="engine">
      <option value="1"> Normal </option>
      <option value="2"> Exact Match </option>
      <option value="3"> CVE </option>
      <option value="4"> ID </option>
      <option value="6"> PSIRT </option>
      <option value="8"> Antispam </option>
      <option value="9"> Outbreak Alert </option>
      <option value="7"> IP/Domain/URL </option>
    </select>
    <input id="search_field_header" type="text" class="form-control" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
    <button class="btn btn-sm btn-outline-secondary" type="submit">
      <img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32921" alt="search">
    </button>
  </div>
</form>

Text Content

 * Search
   Please select any available option
   Normal
   Exact Match
   CVE
   ID
   PSIRT
   Antispam
   Outbreak Alert
   IP/Domain/URL

 * Research
   
   
   RESEARCH CENTER
   
   Explore latest research and threat reports on emerging cyber threats.
    * Outbreak Alerts
    * Security Blog
    * Threat Signal

 * Services
   
   
   SERVICES
   
   By Outbreak By Solution By Product
   
   
   PROTECT
   
   Counter measures across the security fabric for protecting assets, data and
   network.
    * Anti-Botnet
    * AntiMalware
    * AntiSpam
    * Application Control
    * Intrusion Protection
    * Operational Technology Security
    * Sandbox Behavior Engine
    * Web Application Security
    * Web Filtering
   
   
   DETECT
   
   Find and correlate important information to identify an outbreak.Find and
   correlate
    * Anti-Recon and Anti-Exploit
    * Cloud Threat Detection
    * Endpoint Detection & Response
    * Indicators of Compromise
    * Outbreak Deception
    * Outbreak Detection
    * SOC Automation
   
   
   RESPOND
   
   Develop containment techniques to mitigate impacts of security events.Develop
   containment
    * Endpoint Detection and Response
    * Endpoint Forensics
    * Incident Response
   
   
   RECOVER
   
   Improve security posture and processes by implementing security awareness and
   training.
    * Assessment Services
    * NSE Training
    * Security Awareness Training
   
   
   IDENTIFY
   
   Identify processes and assets that need protection.Identify processes and
   assets that
    * Breach Attack Simulation
    * Cloud Vulnerability
    * Dynamic Application Security Testing
    * Endpoint Vulnerability
    * FortiDevSec
    * Inline-CASB Application Definitions
    * IoT Detection
    * Pen Testing
    * Recon: ACI
    * Recon: BP
    * Recon: EASM
    * Security Rating
   
   
    * NETWORK SECURITY
   
    * Anti-Botnet
    * Anti-Recon and Anti-Exploit
    * Cloud Vulnerability and Threat Detection
    * Data Loss Prevention
    * Indicators of Compromise
    * Inline-CASB Application Definitions
    * Internet Services
    * Intrusion Protection
    * IP Geolocation
    * Secure DNS
   
   
    * ENDPOINT SECURITY
   
    * ANN and NDR
    * AntiVirus
    * Endpoint Detection & Response
    * Endpoint Vulnerability
    * IoT Detection
    * Sandbox Behavior Engine
   
   
    * APPLICATION SECURITY
   
    * AntiSpam
    * Application Control
    * Client Application Firewall
    * Credential Stuffing Defense
    * Dynamic Application Security Testing
    * Operational Technology Security
    * Web Application Security
    * Web Filtering
   
   
    * SECURITY OPERATIONS
   
    * Breach Attack Simulation
    * FortiDevSec
    * Outbreak Deception
    * Outbreak Detection
    * Pen Testing
    * Security Rating
   
    * FortiGate
   
    * FortiAnalyzer
   
    * FortiClient
   
    * FortiWeb
   
    * FortiADC
   
    * FortiAuthenticator
   
    * FortiCNP
   
    * FortiDDoS
   
    * FortiDeceptor
   
    * FortiEDR
   
    * FortiMail
   
    * empty
   
    * FortiNDR
   
    * FortiPAM
   
    * FortiPolicy
   
    * FortiProxy
   
    * FortiRecon
   
    * FortiSandBox
   
    * FortiSASE
   
    * FortiSIEM
   
    * FortiTester
   
    * FortiDAST
   
    * FortiCNAPP
   
    * empty
   
    * Anti-Botnet
    * AntiVirus
    * Application Control
    * Inline-CASB Application Definitions
    * Intrusion Protection
    * IoT Detection
    * IP Geolocation
    * Operational Technology Security
    * Secure DNS
    * Security Rating
    * Web Filtering
   
    * Indicators of Compromise
    * Outbreak Detection
    * SOC Automation
   
    * Anti-Botnet
    * Anti-Recon and Anti-Exploit
    * AntiVirus
    * Application Firewall
    * Credential Stuffing Defense
    * Endpoint Vulnerability
    * Intrusion Protection
    * Outbreak Detection
    * Web Filtering
   
    * Anti-Botnet
    * AntiVirus
    * Application Control
    * Credential Stuffing Defense
    * Fuzzy Webshell
    * IP Geolocation
    * Web Application Security
   
    * Anti-Botnet
    * AntiVirus
    * Credential Stuffing Defense
    * Intrusion Protection
    * IP Geolocation
    * Web Application Security
    * Web Filtering
   
    * IP Geolocation
   
    * Anti-Botnet
    * Data Loss Prevention
    * IP Geolocation
    * Vulnerability
   
    * Anti-Botnet
   
    * Anti-Recon and Anti-Exploit
    * AntiVirus
    * Intrusion Protection
    * Outbreak Deception
   
    * AntiVirus
    * EndPoint Detection and Response
    * Endpoint Vulnerability
    * Indicators of Compromise
    * Web Filtering
   
    * AntiSpam
    * AntiVirus
    * Web Filtering
   
    * Network Detection and Response
   
    * AntiVirus
    * Data Loss Prevention
   
    * Anti-Botnet
    * Application Control
   
    * Anti-Botnet
    * Application Control
    * Industrial Security
   
    * Digital Risk Protection
   
    * AntiVirus
    * Intrusion Protection
    * Sandbox Behavior Engine
    * Web Filtering
   
    * Anti-Botnet
    * AntiVirus
    * Application Control
    * Data Loss Prevention
    * Endpoint Vulnerability
    * Intrusion Protection
    * Secure DNS
    * Web Filtering
   
    * Indicators of Compromise
    * IP Geolocation
    * Outbreak Detection
   
    * Breach Attack Simulation
   
    * Dynamic Application Security Testing
   
    * Cloud Threat Detection
    * Cloud Vulnerability

 * Threat Intelligence
   
   
   THREAT INTELLIGENCE
   CENTER
   
   Browse the FortiGuard Labs extensive encyclopedia and Threat Analytics.
    * Application Control
    * FortiGuard Encyclopedia
    * Outbreak Threat Map
    * Threat Actor Encyclopedia
    * Threat Analytics
    * Web Filtering
   
   
 * Support
   
   
   SUPPORT CENTER
   
   PSIRT Center Product Support
   Fortinet Product Security Incident Response Team (PSIRT) updates.
    * Advisories
    * PSIRT Blog
    * PSIRT Contact
    * Security Vulnerability Policy
   
   Get the support whenever you need it.
    * FortiCare Support
    * Fortinet Community

 * Resources
   
   
   RESOURCE CENTER
   
   Learn about service status, publications and other available resources.
    * FortiGuard Sample Files
    * MITRE ATT&CK Matrix
    * NIST Cybersecurity Framework
    * Publications
    * Security Best Practices
   
   
 * About
   
   
   ABOUT
   
   FortiGuard Labs Partners
   AI-Powered Threat Intelligence for an Evolving Digital World.
    * Contact Us
    * Premium Services
    * RSS Feeds
   
   Leveraging cyber security industry partner relationships.
    * Cyber Threat Alliance
    * MITRE Engenuity

 * 

 * Research
   * Outbreak Alerts
   * Security Blog
   * Threat Signal
 * Services
   * Anti-Botnet
   * Anti-Recon and Anti-Exploit
   * AntiMalware
   * AntiSpam
   * Application Control
   * Assessment Services
   * Breach Attack Simulation
   * Cloud Threat Detection
   * Cloud Vulnerability
   * Dynamic Application Security Testing
   * Endpoint Detection & Response
   * Endpoint Detection and Response
   * Endpoint Forensics
   * Endpoint Vulnerability
   * FortiDevSec
   * Incident Response
   * Indicators of Compromise
   * Inline-CASB Application Definitions
   * Intrusion Protection
   * IoT Detection
   * NSE Training
   * Operational Technology Security
   * Outbreak Deception
   * Outbreak Detection
   * Pen Testing
   * Recon: ACI
   * Recon: BP
   * Recon: EASM
   * Sandbox Behavior Engine
   * Security Awareness Training
   * Security Rating
   * SOC Automation
   * Web Application Security
   * Web Filtering
 * Threat Intelligence
   * Application Control
   * FortiGuard Encyclopedia
   * Outbreak Threat Map
   * Threat Actor Encyclopedia
   * Threat Analytics
   * Web Filtering
 * Resources
   * FortiGuard Sample Files
   * MITRE ATT&CK Matrix
   * NIST Cybersecurity Framework
   * Publications
   * Security Best Practices
 * Support
   
   
   PSIRT CENTER
   
    * Advisories
    * PSIRT Blog
    * PSIRT Contact
    * Security Vulnerability Policy
   
   
   PRODUCT SUPPORT
   
    * FortiCare Support
    * Fortinet Community

 * About
   
   
   FORTIGUARD LABS
   
    * Contact Us
    * Premium Services
    * RSS Feeds
   
   
   PARTNERS
   
    * Cyber Threat Alliance
    * MITRE Engenuity

 * FORTINET

Normal Exact Match CVE ID PSIRT Antispam Outbreak Alert IP/Domain/URL


INTRUSION PREVENTION


MS.EXCHANGE.SERVER.AUTODISCOVER.REMOTE.CODE.EXECUTION


DESCRIPTION

This indicates an attack attempt to exploit a Remote Code Execution in Microsoft
Exchange Server.
The vulnerability is due to insufficient sanitization when handling a malicious
request. A remote attacker may be able to exploit this to disclose data or
execute arbitrary code within the context of the application, via a crafted HTTP
request.


OUTBREAK ALERT

Critical zero-day vulnerabilities that can allow the attacker to do a Remote
Code Execution (RCE) on Microsoft Exchange Servers. FortiGuard has added
multiple protections throughout the Security Fabric to safeguard its customers
from attacks exploiting these zero-day vulnerabilities.

View the full Outbreak Alert Report



The Hive ransomware gang has received up to $100+ million in ransom payments
from more than 1,300 victims according to a joint advisory released by the FBI,
the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of
Health and Human Services.

View the full Outbreak Alert Report





View the full Outbreak Alert Report


AFFECTED PRODUCTS

Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 9
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 8


IMPACT

System Compromise: Remote attackers can gain control of vulnerable systems.


RECOMMENDED ACTIONS

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473


TELEMETRY




COVERAGE

IPS (Regular DB) IPS (Extended DB)


VERSION UPDATES

Date Version Detail 2023-06-06 23.571 Sig Added 2023-03-08 23.508 Sig Added
2023-02-14 22.495 Sig Added 2022-12-27 22.464 Sig Added 2022-12-14 22.457 Sig
Added 2022-10-24 22.420 Sig Added 2022-10-11 22.411 Sig Added 2022-10-03 22.405
Name:MS.
Exchange.
Server.
CVE-2021-34473.
Remote.
Code.
Execution:MS.
Exchange.
Server.
Autodiscover.
Remote.
Code.
Execution 2022-09-14 22.392 Sig Added 2021-10-27 18.186 Sig Added


REFERENCES

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473

ID 50584 Created Jul 14, 2021 Updated Jun 06, 2023 Outbreak Alert MSExchange
Autodiscover RCE Hive Ransomware 2022 Annual Report Risk CVE ID CVE-2021-34473
CVE-2022-41040 CVE-2022-41082 Known Exploited Yes Exploit Prediction Score
96.46% Default Action drop Active Affected OS Windows Affected App MS_Exchange

 * Contact Us
 * Legal
 * Privacy
 * Partners
 * Feedback
   

 * 
 * 
 * 
 * 
 * 

Copyright © 2024 Fortinet, Inc. All Rights Reserved.

This site uses cookies. Some are essential to the operation of the site; others
help us improve the user experience. By continuing to use the site, you consent
to the use of these cookies. To learn more about cookies, please read our
privacy policy.

Accept