// For flags

CVE-2020-0688

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

19
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Exchange cuando el software no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Microsoft Exchange Memory Corruption Vulnerability".

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique cryptographic key at installation, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.

Microsoft Exchange 2019 version 15.2.221.12 suffers from an authenticated remote code execution vulnerability.

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

*Credits: Anonymous
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-11-04 CVE Reserved
  • 2020-02-11 CVE Published
  • 2020-02-27 First Exploit
  • 2021-11-03 Exploited in Wild
  • 2022-05-03 KEV Due Date
  • 2024-08-04 CVE Updated
  • 2024-11-11 EPSS Updated
CWE
  • CWE-287: Improper Authentication
CAPEC
References (22)
URL Tag Source
https://www.zerodayinitiative.com/advisories/ZDI-20-258 Third Party Advisory
https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys
URL Date SRC
https://www.exploit-db.com/exploits/48168 2020-03-05
https://www.exploit-db.com/exploits/48153 2020-03-02
https://github.com/zcgonvh/CVE-2020-0688 2020-03-21
https://github.com/Jumbo-WJB/CVE-2020-0688 2020-02-27
https://github.com/onSec-fr/CVE-2020-0688-Scanner 2021-06-01
https://github.com/ravinacademy/CVE-2020-0688 2020-03-31
https://github.com/MrTiz/CVE-2020-0688 2021-06-06
https://github.com/youncyb/CVE-2020-0688 2020-02-28
https://github.com/W01fh4cker/CVE-2020-0688-GUI 2024-05-09
https://github.com/righter83/CVE-2020-0688 2021-09-10
https://github.com/ktpdpro/CVE-2020-0688 2020-04-22
https://github.com/chudamax/CVE-2020-0688-Exchange2010 2023-08-02
https://github.com/cert-lv/CVE-2020-0688 2020-03-19
https://github.com/murataydemir/CVE-2020-0688 2020-08-29
https://github.com/SLSteff/CVE-2020-0688-Scanner 2020-10-29
https://github.com/1337-llama/CVE-2020-0688-Python3 2023-10-26
https://github.com/7heKnight/CVE-2020-0688 2022-06-03
http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html 2024-08-04
http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html 2024-08-04
URL Date SRC
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2024-02-13
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
 2010
Search vendor "Microsoft" for product "Exchange Server" and version "2010"
sp3_rollup_30
Affected
Microsoft
Search vendor "Microsoft"
 Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
 2013
Search vendor "Microsoft" for product "Exchange Server" and version "2013"
cumulative_update_23
Affected
Microsoft
Search vendor "Microsoft"
 Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
 2016
Search vendor "Microsoft" for product "Exchange Server" and version "2016"
cumulative_update_14
Affected
Microsoft
Search vendor "Microsoft"
 Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
 2016
Search vendor "Microsoft" for product "Exchange Server" and version "2016"
cumulative_update_15
Affected
Microsoft
Search vendor "Microsoft"
 Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
 2019
Search vendor "Microsoft" for product "Exchange Server" and version "2019"
cumulative_update_3
Affected
Microsoft
Search vendor "Microsoft"
 Exchange Server
Search vendor "Microsoft" for product "Exchange Server"
 2019
Search vendor "Microsoft" for product "Exchange Server" and version "2019"
cumulative_update_4
Affected