Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

CISACISA-KEV-CVE-2020-0688

HistoryNov 03, 2021 - 12:00 a.m.

Vulners
/
Cisa Kev
/
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

2021-11-0300:00:00

CISA

www.cisa.gov

microsoft exchange server

validation key

remote code execution

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.97

Percentile

99.8%

JSON

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

threatpost 37

attackerkb 5

checkpoint_advisories 1

githubexploit 10

metasploit 2

exploitpack 1

securelist 4

cisa 1

cvelist 1

mssecure 2

exploitdb 2

packetstorm 3

zdt 3

mscve 5

canvas 1

nvd 1

cve 1

mskb 3

rapid7blog 3

prion 1

taosecurity 1

trendmicroblog 1

zdi 1

thn 8

nessus 1

avleonov 3

0daydb 1

kaspersky 1

hivepro 1

ics 8

krebs 3

malwarebytes 1

qualysblog 7

googleprojectzero 1

talosblog 1

threatpost

DHS Shortens Deadline For Gov Agencies to Fix Critical Flaws

2019-05-01 19:57:27

Facial Recognition 'Consent’ Doesn’t Exist, Threatpost Poll Finds

2019-04-26 12:10:15

Users Urged to Update WordPress Plugin After Flaw Disclosed

2019-04-26 19:44:55

attackerkb

CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug

2020-02-11 00:00:00

CVE-2020-16875

2020-09-11 00:00:00

CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities

2020-10-16 00:00:00

checkpoint_advisories

Microsoft Exchange Server Remote Code Execution (CVE-2020-0688)

2020-03-01 00:00:00

githubexploit

Exploit for Improper Authentication in Microsoft

2021-01-04 10:48:40

Exploit for Improper Authentication in Microsoft

2020-02-27 02:54:27

Exploit for Improper Authentication in Microsoft

2020-06-12 08:28:35

metasploit

Exchange Control Panel ViewState Deserialization

2020-02-28 02:57:08

Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability

2020-06-10 16:02:49

exploitpack

Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution

2020-03-02 00:00:00

securelist

GReAT Ideas follow-up

2020-07-15 10:00:13

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

2021-12-14 10:00:39

APT trends report Q2 2020

2020-07-29 10:00:09

cisa

Unpatched Microsoft Exchange Servers Vulnerable to CVE-2020-0688

2020-03-10 00:00:00

cvelist

CVE-2020-0688

2020-02-11 21:22:59

mssecure

Defending Exchange servers under attack

2020-06-24 16:00:40

Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

2020-04-28 16:00:49

exploitdb

Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution

2020-03-02 00:00:00

Exchange Control Panel - Viewstate Deserialization (Metasploit)

2020-03-05 00:00:00

packetstorm

Microsoft Exchange 2019 15.2.221.12 Remote Code Execution

2020-03-02 00:00:00

Exchange Control Panel Viewstate Deserialization

2020-03-04 00:00:00

Background Intelligent Transfer Service Privilege Escalation

2020-06-11 00:00:00

zdt

Exchange Control Panel Viewstate Deserialization Exploit

2020-03-05 00:00:00

Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit

2020-03-02 00:00:00

Background Intelligent Transfer Service Privilege Escalation Exploit

2020-06-12 00:00:00

mscve

Microsoft Exchange Validation Key Remote Code Execution Vulnerability

2020-02-11 08:00:00

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

Microsoft Exchange Server Remote Code Execution Vulnerability

2021-03-02 08:00:00

canvas

Immunity Canvas: OWA_RCE

2020-02-11 22:15:00

nvd

CVE-2020-0688

2020-02-11 22:15:15

cve

CVE-2020-0688

2020-02-11 22:15:15

mskb

Description of the security update for Microsoft Exchange Server 2010: February 11, 2020

2020-02-11 08:00:00

Description of the security update for Microsoft Exchange Server 2019 and 2016: February 11, 2020

2020-02-11 08:00:00

Description of the security update for Microsoft Exchange Server 2013: February 11, 2020

2020-02-11 08:00:00

rapid7blog

Microsoft Exchange 2010 End of Support and Overall Patching Study

2020-09-29 16:05:16

Staying Secure in a Global Cyber Conflict

2022-02-25 01:31:27

Metasploit Wrap-Up

2020-10-09 19:41:47

prion

Remote code execution

2020-02-11 22:15:00

taosecurity

If You Can't Patch Your Email Server, You Should Not Be Running It

2020-04-07 15:28:00

trendmicroblog

This Week in Security News: Exploring Common Threats to Cloud Security and Zoom Removes Meeting IDs from App Title Bar to Improve Privacy

2020-04-10 12:46:43

zdi

Microsoft Exchange Server Exchange Control Panel Fixed Cryptographic Key Remote Code Execution Vulnerability

2020-02-20 00:00:00

thn

NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers

2021-07-02 06:23:00

NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers

2021-06-14 13:34:00

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape

2022-12-22 13:13:00

nessus

Security Updates for Exchange (February 2020)

2020-02-11 00:00:00

avleonov

Microsoft Patch Tuesday February 2020

2020-02-13 14:50:34

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies

2020-03-22 01:15:34

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

2020-04-26 01:24:38

0daydb

Background Intelligent Transfer Service CVE-2020-0787 - Privilege Escalation

2020-06-12 13:15:16

kaspersky

KLA11664 Multiple vulnerabilities in Microsoft Exchange Server

2020-02-11 00:00:00

hivepro

Russian state-sponsored cyber actors targeting U.S. critical infrastructure

2022-02-18 12:20:35

ics

Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

2022-02-24 12:00:00

Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

2022-02-16 12:00:00

Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

2020-10-24 12:00:00

krebs

Microsoft Patch Tuesday, March 2020 Edition

2020-03-10 23:44:29

Microsoft Patch Tuesday, Sept. 2020 Edition

2020-09-08 21:33:26

Microsoft Patch Tuesday, February 2020 Edition

2020-02-11 23:13:57

malwarebytes

Threat profile: Egregor ransomware is making a name for itself

2020-12-15 13:58:58

qualysblog

February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns

2020-02-11 19:47:15

Qualys Security Advisory: SolarWinds / FireEye

2020-12-22 21:17:31

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

googleprojectzero

The More You Know, The More You Know You Don’t Know

2022-04-19 00:00:00

talosblog

Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage

2020-02-13 08:22:46

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.97

Percentile

99.8%

JSON

Related for CISA-KEV-CVE-2020-0688