9
CVE-2020-0688
- EPSS 94.38%
- Published 11.02.2020 22:15:15
- Last modified 04.02.2025 19:15:22
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Exchange Server Version2010 Updatesp3_rollup_30
Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_14
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_15
Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_3
Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_4
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
VulnerabilityMicrosoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.38% | 1 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.