CVE-2020-16875
Description
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised. The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
85.61
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Exchange Memory Corruption Vulnerability For Exchange Server 2016 CU16 (KB4577352) | Windows |
| Microsoft Exchange Memory Corruption Vulnerability For Exchange Server 2016 CU17 (KB4577352) | Windows |
| Microsoft Exchange Memory Corruption Vulnerability For Exchange Server 2019 CU5 (KB4577352) | Windows |
| Microsoft Exchange Memory Corruption Vulnerability For Exchange Server 2019 CU6 (KB4577352) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-29877 | Security Update For Exchange Server 2016 CU16 (KB4577352) |
| PATCH-29878 | Security Update For Exchange Server 2016 CU17 (KB4577352) |
| PATCH-29879 | Security Update For Exchange Server 2019 CU5 (KB4577352) |
| PATCH-29880 | Security Update For Exchange Server 2019 CU6 (KB4577352) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234