CVE-2020-0688
CISA KEV | Ransomware
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-287
Threats tracking this CVE
- Static Tundra (Dragonfly/Energetic Bear) ICS Attacks on Polish Energy Infrastructure — CRITICAL
- Static Tundra ICS Attacks on Polish Energy Infrastructure with DynoWiper — CRITICAL
- MuddyWater Operation Olalampo — Iran MOIS-Nexus APT Deploys New Malware Variants with Telegram Bot C2 Targeting Middle Eastern Governments and Critical Infrastructure — HIGH
References
- http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
- https://www.zerodayinitiative.com/advisories/ZDI-20-258/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688