CVE-2020-17144

Microsoft Exchange Remote Code Execution Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: August 04, 2020
Published Date: December 09, 2020
Last Updated: February 04, 2025
Vendor: Microsoft
Product: Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31
Description: Microsoft Exchange Remote Code Execution Vulnerability

CVSS Scores

CVSS v3.1

8.4 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2020-12-09 20:57:16 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

zcgonvh/CVE-2020-17144

Type: github • Created: 2020-12-09 20:57:16 UTC • Stars: 159

weaponized tool for CVE-2020-17144

Airboi/CVE-2020-17144-EXP

Type: github • Created: 2020-12-09 10:30:16 UTC • Stars: 155

Exchange2010 authorized RCE