'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:microsoft_exchange_server_command_execution_vulnerability(Rule ID:1070210491)

Release Date2025/9/15

Rule NameCVE-2022-23277,CVE-2021-42321:Microsoft Exchange Server Command Execution Vulnerability

Severity:critical

CVE IDCVE-2022-23277 CVE-2021-42321

 

Descripiton

Microsoft Exchange Server is an email service program of Microsoft Corporation of the United States. It provides functions such as email access, storage, forwarding, voice mail, and email filtering and screening. There is a code injection vulnerability in Microsoft Exchange Server. The following products and versions are affected: Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange Server 2016 Cumulative Update 21,Microsoft Exchange Server 2019 Cumulative Update 10,Microsoft Exchange Server 2016 Cumulative Update 22,Microsoft Exchange Server 2019 Cumulative Update 11. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.