CVE-2020-1182: Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

Overview

Severity

N/A

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Aug

Released

2020-08-12

EPSS Score

14.35% (percentile: 94.4%)

Description

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.

Affected Products (1)

Microsoft Dynamics

• Dynamics 365 for Finance and Operations

Security Updates (1)

• Release Notes

Acknowledgments

Saif ElSherei of MSRC Vulnerabilities and Mitigations Team

Revision History

• 2020-08-12: Information published.