CVE-2020-17117: Microsoft Exchange Remote Code Execution Vulnerability

Overview

Severity

Medium (CVSS 6.6)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Dec

Released

2020-12-08

EPSS Score

3.59% (percentile: 87.8%)

Affected Products (5)

Server Software

• Microsoft Exchange Server 2013 Cumulative Update 23
• Microsoft Exchange Server 2019 Cumulative Update 6
• Microsoft Exchange Server 2016 Cumulative Update 17
• Microsoft Exchange Server 2019 Cumulative Update 7
• Microsoft Exchange Server 2016 Cumulative Update 18

Security Updates (5)

• 4593466
• 4593465
• 4593465
• 4593465
• 4593465

Acknowledgments

Orange Tsai(@orange_8361) from DEVCORE, Steven Seeley (mr_me)

Revision History

• 2020-12-08: Information published.