CVE-2020-16875

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised. The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.

Published: Sep 11, 2020
Updated: Jan 1, 2024
CVE: CVE-2020-16875
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2019-cumulative_update_6	2019-cumulative_update_6.x
microsoft / exchange_server	2019-cumulative_update_5	2019-cumulative_update_5.x
microsoft / exchange_server	2016-cumulative_update_17	2016-cumulative_update_17.x
microsoft / exchange_server	2016-cumulative_update_16	2016-cumulative_update_16.x

Vulnerability Database

289,599

CVE-2020-16875