CVE-2020-17132: Microsoft Exchange Remote Code Execution Vulnerability

Overview

Severity

Critical (CVSS 9.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Dec

Released

2020-12-08

Last Updated

2020-12-08

EPSS Score

82.75% (percentile: 99.2%)

FAQ

What can cause this vulnerability? The vulnerability occurs due to improper validation of cmdlet arguments. Does the attacker need to be in an authenticated role in the Exchange Server? Yes, the attacker must be authenticated.

Detection & Weaponization (1 sources)

Maturity: Exploit

• Metasploit modules: Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE

Affected Products (5)

Server Software

• Microsoft Exchange Server 2013 Cumulative Update 23
• Microsoft Exchange Server 2019 Cumulative Update 6
• Microsoft Exchange Server 2016 Cumulative Update 17
• Microsoft Exchange Server 2019 Cumulative Update 7
• Microsoft Exchange Server 2016 Cumulative Update 18

Security Updates (5)

• 4593466
• 4593465
• 4593465
• 4593465
• 4593465

Acknowledgments

Steven Seeley of Source Incite, X41 D-SEC GmbH, Markus Vervier, Yasar Klawohn, Dlive(https://twitter.com/D1iv3) of Tencent Security Xuanwu Lab

Revision History

• 2020-12-08: Information published.
• 2020-12-08: Updated one or more CVSS scores for the affected products. This is an informational change only.