The Art of Defense

[ SB 21.16 ] ProxyToken Exchange Vuln (CVE-2021-33766)

A bug in MS Exchange allows an unauthenticated attacker to bypass authentication, change mailbox-settings and read emails of its target.

The bug is called "ProxyToken" and details had been published by the ZeroDayInitiative earlier this week.

vulnscan - results

SUMMARY for ms_exchange_proxytoken / CVE-2021-33766

IPs       : 43096
Networks  : 16726 
ASNs      : 5792
Countries : 203


Top  Countries
Country |  Count   
--------+-----------
     US |  10261 
     DE |   5311 
     GB |   2834 
     FR |   2156 
     RU |   1944 
     IT |   1738 
     CA |   1684 
     CH |   1366 
     AU |   1141 
     NL |    974 
     AT |    774 
     HK |    667 
     TW |    545 


Top 100 ASNs

ASN_NR    |  Count | ASNName 
----------+--------+-----------------------------------
     3320 |   2614 | DTAG Internet service provider operations, DE 
     7922 |   1268 | COMCAST-7922, US 
     7018 |    921 | ATT-INTERNET4, US 
     3209 |    758 | VODANET International IP-Backbone of Vodafone, DE 
     3303 |    703 | SWISSCOM Swisscom Switzerland Ltd, CH 
     3215 |    694 | France Telecom - Orange, FR 
     2856 |    506 | BT-UK-AS BTnet UK Regional network, GB 
     3269 |    435 | ASN-IBSNAZ, IT 
    22773 |    429 | ASN-CXA-ALL-CCI-22773-RDC, US 
      701 |    410 | UUNET, US 
     3462 |    395 | HINET Data Communication Business Group, TW 
    20115 |    307 | CHARTER-20115, US 
     8075 |    281 | MICROSOFT-CORP-MSN-AS-BLOCK, US 
      209 |    276 | CENTURYLINK-US-LEGACY-QWEST, US 
     1221 |    259 | ASN-TELSTRA Telstra Corporation Ltd, AU 
   201429 |    255 | TRANSAVTOLIZ-AS, RU 
    10796 |    252 | TWC-10796-MIDWEST, US 
      577 |    247 | BACOM, CA 
    15557 |    237 | LDCOMNET, FR 
     5089 |    233 | NTL, GB 
     6327 |    232 | SHAW, CA 
     8447 |    223 | A1TELEKOM-AT A1 Telekom Austria AG, AT 
     5650 |    222 | FRONTIER-FRTR, US 
     3352 |    218 | TELEFONICA_DE_ESPANA, ES 
      174 |    197 | COGENT-174, US 
     9381 |    197 | HKBNES-AS-AP HKBN Enterprise Solutions HK Limited, HK 
     3549 |    191 | LVLT-3549, US 
     6128 |    191 | CABLE-NET-1, US 
     5413 |    180 | AS5413, GB 
     7029 |    178 | WINDSTREAM, US 
     7545 |    176 | TPG-INTERNET-AP TPG Telecom Limited, AU 
     8412 |    176 | TMA Magenta Telekom, AT 
    24940 |    172 | HETZNER-AS, DE 
    31655 |    168 | ASN-GAMMATELECOM, GB 
      852 |    161 | TELUS Communications, CA 
    30722 |    159 | VODAFONE-IT-ASN, IT 
     5769 |    149 | VIDEOTRON, CA 
     6830 |    145 | LIBERTYGLOBAL Liberty Global formerly UPC Broadband Holding, aka AORTA, NL 
     4515 |    144 | ERX-STAR HKT Limited, HK 
     8220 |    144 | COLT COLT Technology Services Group Limited, GB 
    33363 |    136 | BHN-33363, US 
    16276 |    135 | OVH, FR 
     5432 |    135 | PROXIMUS-ISP-AS, BE 
    11427 |    130 | TWC-11427-TEXAS, US 
     3216 |    130 | SOVAM-AS, RU 
    33915 |    128 | TNF-AS, NL 
    20001 |    127 | TWC-20001-PACWEST, US 
     5384 |    125 | EMIRATES-INTERNET Emirates Internet, AE 
    15525 |    123 | MEO-EMPRESAS, PT 
    54113 |    123 | FASTLY, US 
    13037 |    118 | ZEN-AS Zen Internet - UK, GB 
     8452 |    117 | TE-AS TE-AS, EG 
      812 |    111 | ROGERS-COMMUNICATIONS, CA 
    11351 |    108 | TWC-11351-NORTHEAST, US 
     8468 |    104 | ENTANET ENTANET International Limited, GB 
     6848 |    103 | TELENET-AS, BE 
    14265 |    101 | US-TELEPACIFIC, US 
     4788 |    101 | TMNET-AS-AP TM Net, Internet Service Provider, MY 
     3356 |    100 | LEVEL3, US 
     3758 |    100 | SINGNET SingNet, SG



Fragen? Kontakt: info@zero.bs
Filed: Thu 02 September 2021 | Security Bulletin | Tags: exchange sb



Main-Links

Blog

OSS & Projects



(c) copyright 2017-2023 zeroBS GmbH, all rights reserved
info@zero.bs