Kaspersky LabKLA12026KLA12026 Multiple vulnerabilities in Microsoft Dynamics
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.6%
Detect date:
12/08/2020
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Microsoft Dynamics 365 (on-premises) version 8.2
Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2020-17147
CVE-2020-17152
CVE-2020-17158
CVE-2020-17133
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-171478.7Critical
CVE-2020-171528.8Critical
CVE-2020-171588.8Critical
CVE-2020-171336.5High
KB list:
Microsoft official advisories:
References
support.microsoft.com/kb/4583556
support.microsoft.com/kb/4595459
support.microsoft.com/kb/4595462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17152
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17158
nvd.nist.gov/vuln/detail/CVE-2020-17133
nvd.nist.gov/vuln/detail/CVE-2020-17147
nvd.nist.gov/vuln/detail/CVE-2020-17152
nvd.nist.gov/vuln/detail/CVE-2020-17158
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Dynamics-365/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.6%