SERVER-MAIL -- Snort has detected traffic exploiting vulnerabilities in mail servers (such as Exchange, Courier). These are different from protocol traffic, as this deals with the traffic going to the mail server itself.
SERVER-MAIL Microsoft Exchange Server certificate leak attempt
This rule detects a request that leaks a cert file, which results in a CSRF token being generated. The CSRF token can then be used to escalate privileges to an administrative account.
This rule detects a vulnerability in Microsoft Exchange Server. An attacker can leverage this vulnerability to escalate privileges to an administrative account.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Cross Site Request Forgery
Cross Site Request Forgery (CSRF) attacks target a user's account. Once a user has logged in, the script can then manipulate that account to change its state (for instance, password or email changes, purchasing, etc.). The severity of the attack is amplified if the victim account has administrative privileges.
CVE-2021-24085
Tactic: Privilege Escalation
Technique: Exploitation for Privilege Escalation
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org