CVE-2020-0688
CVE-2020-0688
In short
Microsoft Exchange has a vulnerability that allows attackers to run malicious code remotely on the server. This happens because the software doesn't properly manage data in memory, potentially giving unauthorized users full control of the email system.
Technical detail
A memory corruption vulnerability in Microsoft Exchange allows remote code execution when the application fails to properly validate or sanitize objects in memory. An authenticated attacker can exploit this to achieve arbitrary code execution with the privileges of the Exchange process, leading to complete compromise of the mail server.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Microsoft · Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30Microsoft · Microsoft Exchange Server 2013Microsoft · Microsoft Exchange Server 2016 Cumulative Update 14Microsoft · Microsoft Exchange Server 2016 Cumulative Update 15Microsoft · Microsoft Exchange Server 2019 Cumulative Update 3Microsoft · Microsoft Exchange Server 2019 Cumulative Update 4public PoCs found — 30
githubgithub.com/zcgonvh/CVE-2020-0688★ 354githubgithub.com/Ridter/cve-2020-0688★ 326githubgithub.com/random-robbie/cve-2020-0688★ 165githubgithub.com/Yt1g3r/CVE-2020-0688_EXP★ 145githubgithub.com/Jumbo-WJB/CVE-2020-0688★ 66githubgithub.com/onSec-fr/CVE-2020-0688-Scanner★ 37githubgithub.com/w4fz5uck5/cve-2020-0688-webshell-upload-technique★ 23githubgithub.com/MrTiz/CVE-2020-0688★ 21githubgithub.com/W01fh4cker/CVE-2020-0688-GUI★ 16githubgithub.com/zyn3rgy/ecp_slap★ 11githubgithub.com/ravinacademy/CVE-2020-0688★ 11githubgithub.com/youncyb/CVE-2020-0688★ 10githubgithub.com/cert-lv/CVE-2020-0688★ 8githubgithub.com/justin-p/PSForgot2kEyXCHANGE★ 5githubgithub.com/murataydemir/CVE-2020-0688★ 4githubgithub.com/ktpdpro/CVE-2020-0688★ 3githubgithub.com/1337-llama/CVE-2020-0688-Python3★ 2githubgithub.com/mahyarx/Exploit_CVE-2020-0688★ 2githubgithub.com/SLSteff/CVE-2020-0688-Scanner★ 2githubgithub.com/righter83/CVE-2020-0688★ 2githubgithub.com/ann0906/proxylogon★ 1githubgithub.com/truongtn/cve-2020-0688★ 1githubgithub.com/chudamax/CVE-2020-0688-Exchange2010★ 1githubgithub.com/tvdat20004/CVE-2020-0688★ 0githubgithub.com/7heKnight/CVE-2020-0688★ 0githubgithub.com/iamwajd/Cyber-Attack-Analysis★ 0cve_referencepacketstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48153unverifiedexploitdbwww.exploit-db.com/exploits/48168unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688https://www.zerodayinitiative.com/advisories/ZDI-20-258/