Tenable701277.PRMMicrosoft Exchange Remote Code Execution Vulnerability
The Microsoft Exchange Server installed on the remote host is missing security updates. A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
Binary data 701277.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | exchange_server | cpe:/a:microsoft:exchange_server |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0692
packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html
packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html
www.zerodayinitiative.com/advisories/ZDI-20-258/