Vulnerable Exchange Server Report

LAST UPDATED: 2021-04-23

This report contains a list of vulnerable Microsoft Exchange servers found through our scans.

As of 2021-04-23 this scan contains information on services with the following remote code execution pre-authorization vulnerabilities:

The CVE-2021-26855 vulnerability assessment is made based on Microsoft’s http-vuln-cve2021-26855.nse nmap detection script.

For more information on CVE-2021-26855 scanning efforts, please read about our previous special reports.

The CVE-2021-28480 and CVE-2021-28481 assessments are made based on detected Microsoft Exchange versions that have been reported to be vulnerable by Microsoft. Note that these versions are also susceptible to other post-auth vulnerabilities as mentioned here.

The following mapping is used to arrive at these affected versions:

CPE Version
2013 U23 15.0.1497.2
2016 U19 15.1.2176.2
2016 U20 15.1.2242.4
2019 U8 15.2.792.3
2019 U9 15.2.858.5

Fields

  • timestamp
    Timestamp when the IP was seen in UTC+0
  • ip
    IP of the affected device
  • port
    Port response was received from
  • hostname
    Hostname of the affected device (may be from reverse DNS)
  • tag
    Array of tags. This would be either exchange;cve-2021-28480;cve-2021-28481 or exchange;cve-2021-26855
  • asn
    AS of the affected device
  • geo
    Country of the affected device
  • region
    Region of the affected device
  • city
    City of the affected device
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • sector
    Sector of the IP in question
  • version
    Exchange version detected
  • servername
    Exchange server name

Sample

"timestamp","ip","port","hostname","tag","asn","geo","region","city","naics","sic","sector","version","servername"
"2021-04-22 00:14:11","50.253.x.x",443,"50-253-x-x-static.hfc.comcastbusiness.net","exchange;cve-2021-28480;cve-2021-28481",7922,"US","FLORIDA","HOLLYWOOD",517311,,"Communications, Service Provider, and Hosting Service","15.2.792","CDE-EX2019"
"2021-04-22 00:14:11","77.60.x.x",443,"x.x.nl","exchange;cve-2021-28480;cve-2021-28481",1136,"NL","NOORD-HOLLAND","AMSTERDAM",541519,,"Communications, Service Provider, and Hosting Service","15.1.2176","EXCHANGE2016"
"2021-04-22 00:14:11","81.63.x.x",443,"x.x.ch","exchange;cve-2021-28480;cve-2021-28481",3303,"CH","BERN","BIEL",517311,,"Communications, Service Provider, and Hosting Service","15.0.1497","EX-XXX"
"2021-04-22 00:14:11","75.138.x.x",443,"075-138-x-x.biz.spectrum.com","exchange;cve-2021-28480;cve-2021-28481",20115,"US","MASSACHUSETTS","WEST BOYLSTON",517311,,"Communications, Service Provider, and Hosting Service","15.0.1497","PROMETHEUS"
"2021-04-22 00:14:11","217.91.x.x",443,"pd95b4xxx.dip0.t-ipconnect.de","exchange;cve-2021-28480;cve-2021-28481",3320,"DE","NORDRHEIN-WESTFALEN","SCHLANGEN",517311,,"Communications, Service Provider, and Hosting Service","15.2.792","VS12-BN-DE-DRK"
"2021-04-22 00:14:11","109.239.x.x",443,"x.x.co.uk","exchange;cve-2021-28480;cve-2021-28481",33920,"UK","LEEDS","MORLEY",,,,"15.2.792","CFMAIL"

Our 106 Report Types