← back
CVE-2020-16875

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS 8.4 HIGHEPSS 47.1%
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.4EPSS 47.1%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
11 Sep 2020Published on NVD
12 Jan 2021Metasploit module available
Recommendation: Plan a near-term fix — a public PoC already exists.
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 16Microsoft · Microsoft Exchange Server 2016 Cumulative Update 17Microsoft · Microsoft Exchange Server 2019 Cumulative Update 5Microsoft · Microsoft Exchange Server 2019 Cumulative Update 6

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/159210/Microsoft-Exchange-Server-DlpUtils-AddTenantDlpPolicy-Remote-Code-Execution.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875