⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.

CVE-2020-0688

CWE-287 — Improper Authentication CWE-502 — Deserialization of Untrusted Data CWE-798 — Hard-coded Credentials13 documents11 sources

Severity

8.8HIGH

EPSS

94.4%

top 0.03%

CISA KEV

KEVRansomware

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30 Microsoft Microsoft Exchange Server 2013 Microsoft Microsoft Exchange Server 2016 Cumulative Update 14 +4 more

Timeline

PublishedFeb 11

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶NVDmicrosoft/exchange_server4 versions+3

▶CVEListV5microsoft/microsoft_exchange_server_2013Cumulative Update 23

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_3unspecified

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_4unspecified

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_14unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4g56-8mc7-hpjq: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microso↗2022-05-24

▶

CVEList

CVE-2020-0688: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microso↗2020-02-11

▶

VulnCheck

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability↗2020

▶

💥Exploits & PoCs

Exploit-DB

Exchange Control Panel - Viewstate Deserialization (Metasploit)↗2020-03-05

▶

Exploit-DB

Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution↗2020-03-02

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Possible Attempted Microsoft Exchange RCE (CVE-2020-0688)↗2020-02-26

▶

📋Vendor Advisories

CISA

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability↗2021-11-03

▶

Microsoft

Microsoft Exchange Validation Key Remote Code Execution Vulnerability↗2020-02-11

▶

🕵️Threat Intelligence

Krebs

Microsoft Patch Tuesday, March 2020 Edition↗2020-03-10

▶

Volexity

Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited↗2020-03-06

▶

Volexity

Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited↗2020-03-06

▶