Vulnerable Exchange Server Report

LAST UPDATED: 2022-10-16

This report contains a list of vulnerable Microsoft Exchange servers found through our daily IPv4 full Internet scans.

As of 2021-05-16 this scan contains information on services with the following remote code execution pre-authorization vulnerabilities:

The CVE-2021-26855 vulnerability assessment is made based on Microsoft’s http-vuln-cve2021-26855.nse nmap detection script.

You can track vulnerable Exchange scan results on the Shadowserver Dashboard.

Full Exchange exposure (population scan) can also be found on the Shadowserver Dashboard.

For more information on CVE-2021-26855 scanning efforts, please read about our previous special reports.

For more information on our scanning efforts, check out our Internet scanning summary page.

Fields

  • timestamp
    Timestamp when the IP was seen in UTC+0
  • ip
    IP of the affected device
  • port
    Port response was received from
  • hostname
    Hostname of the affected device (may be from reverse DNS)
  • tag
    Array of tags. This would be exchange;cve-2021-26855
  • asn
    AS of the affected device
  • geo
    Country of the affected device
  • region
    Region of the affected device
  • city
    City of the affected device
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • sector
    Sector of the IP in question
  • version
    Exchange version detected
  • servername
    Exchange server name

Sample

"timestamp","ip","port","hostname","tag","asn","geo","region","city","naics","sic","sector","version","servername","url"
"2021-05-14 00:11:30","12.237.x,x",443,"afs-exch-cas2.xxx.com","exchange;cve-2021-26855",7018,"US","CALIFORNIA","TURLOCK",517311,,"Communications, Service Provider, and Hosting Service","15.2.721","AFS-EXCH2019",
"2021-05-14 00:11:37","98.153.x.x",443,"rrcs-98-153-x-x.west.biz.rr.com","exchange;cve-2021-26855",20001,"US","CALIFORNIA","LOS ANGELES",517311,,"Communications, Service Provider, and Hosting Service","15.0.847","SSAMAIL",
"2021-05-14 00:11:38","206.210.x.x",443,"webmail.xxx.com","exchange;cve-2021-26855",17054,"US","PENNSYLVANIA","PITTSBURGH",518210,,,"15.0.1178","OMNYXEXCH02",
"2021-05-14 00:11:38","12.33.x.x",443,"mail.xxx.org","exchange;cve-2021-26855",7018,"US","ARKANSAS","LITTLE ROCK",921120,,"Communications, Service Provider, and Hosting Service","15.1.2176","MHASVR02",
"2021-05-14 00:11:38","41.204.x.x",443,"mail.xxx.mg","exchange;cve-2021-26855",21042,"MG","ANTANANARIVO","ANTANANARIVO",,,,,"SABMHQE0232",
"2021-05-14 00:11:38","62.33.x.x",443,,"exchange;cve-2021-26855",20485,"RU","ALTAYSKIY KRAY","BARNAUL",,,,"15.2.659","PV-SRV04",
"2021-05-14 00:11:43","199.33.x.x",443,"mail.xxx.tv","exchange;cve-2021-26855",26481,"US","CALIFORNIA","LOS ANGELES",,,,"15.1.1779","MAIL",

Our 130 Report Types