CVE-2020-0688: Microsoft Exchange Server Static Key Flaw Could Lead to Remote Code Execution
Tenable
FEBRUARY 25, 2020
The use of static keys could allow an authenticated attacker with any privilege level to send a specially crafted request to a vulnerable ECP and gain SYSTEM level arbitrary code execution. In their blog, the ZDI shared a YouTube video demonstrating exploitation of this flaw. Valid user credential requirement. Proof of concept.
Let's personalize your content