Elevation of Privilege Vulnerability in Microsoft Exchange Server by Microsoft
CVE-2020-0692

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2013; Microsoft Exchange Server 2019 Cumulative Update 3; Microsoft Exchange Server 2016 Cumulative Update 14; Microsoft Exchange Server 2019 Cumulative Update 4
Vendor: CVE Published:; 11 February 2020

Summary

An elevation of privilege vulnerability in Microsoft Exchange Server allows an attacker with low-level access to gain higher privileges on the system. If exploited, this could enable unauthorized users to perform actions that they are not normally permitted to. It is crucial for administrators to apply the recommended security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft Exchange Server 2013 Cumulative Update 23

Microsoft Exchange Server 2016 Cumulative Update 14 = unspecified

Microsoft Exchange Server 2016 Cumulative Update 15 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2020
Vulnerability Reserved
Nov 4, 2019