Main Vulnerability Database Vulnerabilities #VU25227

#VU25227 Permissions, Privileges, and Access Controls in Microsoft Exchange Server - CVE-2020-0692

Published: February 11, 2020

Vulnerability identifier: #VU25227

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-0692

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Exchange Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to uspecified error in Microsoft Exchange Server. Exploitation of this vulnerability requires Exchange Web Services (EWS) to be enabled and in use in an affected environment. A remote attacker can change parameters in the Security Access Token, forward it to a Microsoft Exchange Server and impersonate an another Exchange user.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692

#VU25227 Permissions, Privileges, and Access Controls in Microsoft Exchange Server - CVE-2020-0692

Description

Remediation

External links

Please verify you're human