← Retour aux CVEs
CVE-2020-0688
HIGHCISA KEV8.8
Description
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie2/11/2020
Derniere modification10/29/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitExchange Server
Nom vulnerabiliteMicrosoft Exchange Server Validation Key Remote Code Execution Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareKnown
Produits affectes
microsoft:exchange_server
Faiblesses (CWE)
CWE-287CWE-287
References
http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html(secure@microsoft.com)
http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688(secure@microsoft.com)
https://www.zerodayinitiative.com/advisories/ZDI-20-258/(secure@microsoft.com)
http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688(af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-258/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.