Emerging Threats
CVE2021
CVE-2021-26858
2Rules
2References
1Folders
2023-05-08Latest
Summary
CVE-2021-26858 is tracked here through 2 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on webserver, windows / file_event.
Related Detections
Search this threatEmerging Threatcriticaltest
ProxyLogon Reset Virtual Directories Based On IIS Log
When exploiting this vulnerability with CVE-2021-26858, an SSRF attack is used to manipulate virtual directories
Web Server Log
cve.2021-26858detection.emerging-threatsTA0001 · Initial AccessT1190 · Exploit Public-Facing Application
François HubautTue Aug 102021
Emerging Threathightest
CVE-2021-26858 Exchange Exploitation
Detects possible successful exploitation for vulnerability described in CVE-2021-26858 by looking for creation of non-standard files on disk by Exchange Server’s Unified Messaging service which could indicate dropping web shells or other malicious content
WindowsFile Event
T1203 · Exploitation for Client ExecutionTA0002 · Executioncve.2021-26858detection.emerging-threats
Bhabesh RajWed Mar 032021
References