- Creation
- Validation
- Communication & fix
- Disclosure
hopital-clermont-lherault.fr / Microsoft Exchange Server is outdated
Deleted user
reported 2021-11-16
The following Exchange Server is publicly accessible and looks out-dated : https://webmail.hopital-clermont-lherault.fr
It is critical to update to a safe version as soon as possible since multiple CVEs allow remote attackers to DoS or achieve RCE (Remote code execution) on the server. Those vulnerabilities are currently used in ransomware campaign and could damage your network.
Reference:
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26427
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41348
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31196
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31206
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33768
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31195
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31198
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31209
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28480
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28481
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28482
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28483
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34523
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33766
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26412
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27078
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26854
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27065
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26857
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26858
IP:
80.11.42.142Port:
443Detected protocol:
httpsVulnerable URL:
https://webmail.hopital-clermont-lherault.fr/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.applicationFound Exchange server:
Build: 15.1.2176.2
Version: 2016CU19
Build date: 12/2020
Affected by CVE-2021-42321
Affected by CVE-2021-26427
Affected by CVE-2021-41348
Affected by CVE-2021-31196
Affected by CVE-2021-31206
Affected by CVE-2021-33768
Affected by CVE-2021-31195
Affected by CVE-2021-31198
Affected by CVE-2021-31207
Affected by CVE-2021-31209
Affected by CVE-2021-28480
Affected by CVE-2021-28481
Affected by CVE-2021-28482
Affected by CVE-2021-28483
Affected by CVE-2021-34473
Affected by CVE-2021-34523
Affected by CVE-2021-33766
Affected by CVE-2021-26412
Affected by CVE-2021-27078
Affected by CVE-2021-26854
Affected by CVE-2021-26855
Affected by CVE-2021-27065
Affected by CVE-2021-26857
Affected by CVE-2021-26858
Found by ExchangeVersion 2021-11-16
IP:
80.11.42.142Port:
443Detected protocol:
httpsVulnerable URL:
https://webmail.hopital-clermont-lherault.fr/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.applicationFound Exchange server:
Build: 15.1.2176.2
Version: 2016CU19
Build date: 12/2020
Affected by CVE-2021-42321
Affected by CVE-2021-26427
Affected by CVE-2021-41348
Affected by CVE-2021-31196
Affected by CVE-2021-31206
Affected by CVE-2021-33768
Affected by CVE-2021-31195
Affected by CVE-2021-31198
Affected by CVE-2021-31207
Affected by CVE-2021-31209
Affected by CVE-2021-28480
Affected by CVE-2021-28481
Affected by CVE-2021-28482
Affected by CVE-2021-28483
Affected by CVE-2021-34473
Affected by CVE-2021-34523
Affected by CVE-2021-33766
Affected by CVE-2021-26412
Affected by CVE-2021-27078
Affected by CVE-2021-26854
Affected by CVE-2021-26855
Affected by CVE-2021-27065
Affected by CVE-2021-26857
Affected by CVE-2021-26858
Found by ExchangeVersion 2021-11-30
IP:
80.11.42.142Port:
443Detected protocol:
httpsVulnerable URL:
https://webmail.hopital-clermont-lherault.fr/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.applicationFound Exchange server:
Build: 15.1.2176.2
Version: 2016CU19
Build date: 12/2020
Affected by CVE-2021-42321
Affected by CVE-2021-26427
Affected by CVE-2021-41348
Affected by CVE-2021-31196
Affected by CVE-2021-31206
Affected by CVE-2021-33768
Affected by CVE-2021-31195
Affected by CVE-2021-31198
Affected by CVE-2021-31207
Affected by CVE-2021-31209
Affected by CVE-2021-28480
Affected by CVE-2021-28481
Affected by CVE-2021-28482
Affected by CVE-2021-28483
Affected by CVE-2021-34473
Affected by CVE-2021-34523
Affected by CVE-2021-33766
Affected by CVE-2021-26412
Affected by CVE-2021-27078
Affected by CVE-2021-26854
Affected by CVE-2021-26855
Affected by CVE-2021-27065
Affected by CVE-2021-26857
Affected by CVE-2021-26858
Found by ExchangeVersion 2021-12-01
Report created by
deleted-user
2021-11-16
deleted-user
2021-11-16
Report approved by
BloodyShell
2021-11-16
BloodyShell
2021-11-16
New PDF report generated by system 2021-11-16
Report dispatched to ...@... by system 2021-11-16
system
commented 2022-01-05:
approved
shows in report
bip! I'm a LeakIX probe. This issue looks like it has been resolved!
New PDF report generated by system 2022-01-05
Report comment dispatched to zythop by system 2022-01-05
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2022-01-05
Report marked as fixed by
BloodyShell
2022-01-05
BloodyShell
2022-01-05
Report closed by
BloodyShell
2022-01-05
BloodyShell
2022-01-05
New PDF report generated by system 2022-01-05
Report edited by
deleted-user
2022-01-06
deleted-user
2022-01-06
New PDF report generated by system 2022-01-06
Information
Owner
hopital-clermont-lherault.fr
Created
2021-11-16 10:53
Updated
2022-01-06 12:21
Fixed
true
Contacts
c...@ssi.gouv.fr
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report