ID:7791 - Exploit for Deserialization of untrusted data in Microsoft Exchange Server - CVE-2020-0688

 

Published: May 12, 2022


Vulnerability identifier: #VU25226
Vulnerability risk: High
CVE-ID: CVE-2020-0688
CWE-ID: CWE-502
Exploitation vector: Remote access
Vulnerable software:
Microsoft Exchange Server

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to an input validation error within the Microsoft Exchange ECP interface when processing VIEWSTATE data. A remote authenticated attacker can send a specially crafted HTTP request to a vulnerable Exchange server and execute arbitrary code on the target system.

Note, this vulnerability is being actively exploited in the wild.



Remediation

Install updates from the vendor's website.