CVE-2020-16875
HIGH EXPLOITED RANSOMWAREMicrosoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
Title source: metasploitExploitation Summary
CVE-2020-16875 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.
Description
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159210/Microsoft-Exchange-Server-DlpUtils-AddTenantDlpPolicy-Remote-Code-Execution.html
Scores
CVSS v3
8.4
EPSS
0.4714
EPSS Percentile
98.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Details
VulnCheck KEV
2022-10-21
Ransomware Use
Confirmed
CWE
CWE-269
CWE-74
Status
published
Products (2)
microsoft/exchange_server
2016 cumulative_update_16 (2 CPE variants)
microsoft/exchange_server
2019 cumulative_update_5 (2 CPE variants)
Published
Sep 11, 2020
Tracked Since
Feb 18, 2026