ProxyLogon (CVE-2021-26855)
ProxyLogon is the pre-authentication SSRF in Microsoft Exchange that, chained with three other CVEs, yields full compromise of the Exchange server; HAFNIUM exploited it weeks before disclosure.
Definition
ProxyLogon (CVE-2021-26855) is a server-side request forgery in Microsoft Exchange Server that lets an unauthenticated remote attacker authenticate to the server as the Exchange server itself. Chained with three further CVEs (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065), the full chain reaches SYSTEM on the Exchange host. The chain was actively exploited by the HAFNIUM threat group weeks before the public disclosure in March 2021.
Mitigation
Apply Exchange's March 2021 cumulative updates. Because the chain was exploited before disclosure, patching does not undo an existing compromise: servers that were reachable before the update was applied should also be checked for indicators of prior exploitation.