CVE-2020-17152: Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2020-Dec

Released

2020-12-08

EPSS Score

11.97% (percentile: 93.8%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability.

Affected Products (1)

Microsoft Dynamics

• Dynamics 365 for Finance and Operations

Security Updates (1)

• Release Notes

Acknowledgments

Ha Anh Hoang of <a href="https://viettelcybersecurity.com/">Viettel Cybersecurity</a>

Revision History

• 2020-12-08: Information published.