← voltar
CVE-2020-0688

CVE-2020-0688

CVSS 8.8 HIGHEPSS 100.0%● KEVCWE-287
Em resumo

O Microsoft Exchange possui uma vulnerabilidade que permite a invasores executar código malicioso remotamente no servidor. Isso ocorre porque o software não gerencia adequadamente dados na memória, podendo dar controle total do sistema de email a usuários não autorizados.

Detalhe técnico

Uma vulnerabilidade de corrupção de memória no Microsoft Exchange permite execução remota de código quando a aplicação falha em validar ou sanitizar adequadamente objetos armazenados na memória. Um atacante autenticado pode explorar isso para alcançar execução de código arbitrário com os privilégios do processo Exchange, comprometendo completamente o servidor de mail.

Resumo gerado e traduzido por IA a partir da descrição oficial.
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Microsoft · Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30Microsoft · Microsoft Exchange Server 2013Microsoft · Microsoft Exchange Server 2016 Cumulative Update 14Microsoft · Microsoft Exchange Server 2016 Cumulative Update 15Microsoft · Microsoft Exchange Server 2019 Cumulative Update 3Microsoft · Microsoft Exchange Server 2019 Cumulative Update 4
PoCs públicas encontradas30
githubgithub.com/zcgonvh/CVE-2020-0688354githubgithub.com/Ridter/cve-2020-0688326githubgithub.com/random-robbie/cve-2020-0688165githubgithub.com/Yt1g3r/CVE-2020-0688_EXP145githubgithub.com/Jumbo-WJB/CVE-2020-068866githubgithub.com/onSec-fr/CVE-2020-0688-Scanner37githubgithub.com/w4fz5uck5/cve-2020-0688-webshell-upload-technique23githubgithub.com/MrTiz/CVE-2020-068821githubgithub.com/W01fh4cker/CVE-2020-0688-GUI16githubgithub.com/zyn3rgy/ecp_slap11githubgithub.com/ravinacademy/CVE-2020-068811githubgithub.com/youncyb/CVE-2020-068810githubgithub.com/cert-lv/CVE-2020-06888githubgithub.com/justin-p/PSForgot2kEyXCHANGE5githubgithub.com/murataydemir/CVE-2020-06884githubgithub.com/ktpdpro/CVE-2020-06883githubgithub.com/1337-llama/CVE-2020-0688-Python32githubgithub.com/mahyarx/Exploit_CVE-2020-06882githubgithub.com/SLSteff/CVE-2020-0688-Scanner2githubgithub.com/righter83/CVE-2020-06882githubgithub.com/ann0906/proxylogon1githubgithub.com/truongtn/cve-2020-06881githubgithub.com/chudamax/CVE-2020-0688-Exchange20101githubgithub.com/tvdat20004/CVE-2020-06880githubgithub.com/7heKnight/CVE-2020-06880githubgithub.com/iamwajd/Cyber-Attack-Analysis0cve_referencepacketstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/48153não verificadoexploitdbwww.exploit-db.com/exploits/48168não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688https://www.zerodayinitiative.com/advisories/ZDI-20-258/