9
CVE-2020-0688
- EPSS 94.38%
- Veröffentlicht 11.02.2020 22:15:15
- Zuletzt bearbeitet 04.02.2025 19:15:22
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Exchange Server Version2010 Updatesp3_rollup_30
Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_14
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_15
Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_3
Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_4
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
SchwachstelleMicrosoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.38% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.