Vulnerability Details CVE-2020-0688
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Proposed Action
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
- https://www.zerodayinitiative.com/advisories/ZDI-20-258/
- http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
- https://www.zerodayinitiative.com/advisories/ZDI-20-258/
Products affected by CVE-2020-0688
-
cpe:2.3:a:microsoft:exchange_server:2010
-
cpe:2.3:a:microsoft:exchange_server:2013
-
cpe:2.3:a:microsoft:exchange_server:2016
-
cpe:2.3:a:microsoft:exchange_server:2019