
CVE-2020-17132

Description

Aka ‘Microsoft Exchange Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.

**Recent assessments:**

**zeroSteiner** at January 12, 2021 7:07pm UTC reported:

This vulnerability is a bypass for the patch issued for [CVE-2020-16875](https://attackerkb.com/topics/Y2azzfAbid/cve-2020-16875). The vulnerability was also identified and analyzed by Steven Seeley. The patch can be bypassed using call operators as described in Seeley’s blog [Making Clouds Rain RCE in Office 365](https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html). The original vulnerability is a command injection vulnerability that results in OS commands being executed with SYSTEM level privileges on the Exchange server due to insufficient sanitization on a cmdlet invocation.

Assessed Attacker Value: 5 Assessed Attacker Value: 5 Assessed Attacker Value: 4

