CVE-2020-16875

Summary

<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 515.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 615.02.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1615.01.0 < publicationaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 1715.01.0 < publicationaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References