Cyber Resilience

CVE-2020-0688

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 11 February 2020

Published
11 February 2020
Modified
29 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9438 100.0th percentile
Risk Priority 94 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-0688 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Exchange Server. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-0688 is a remote code execution vulnerability in Microsoft Exchange software that arises when the product fails to properly handle objects in memory, resulting in memory corruption. It is tracked under CWE-287 and carries a CVSS 3.1 base score of 8.8 reflecting network attack vector, low attack complexity, and low privileges required.

An authenticated attacker with low privileges can exploit the flaw remotely and without user interaction to achieve arbitrary code execution with full confidentiality, integrity, and availability impact on the affected Exchange server. Publicly available proof-of-concept code demonstrates the issue through the Exchange Control Panel by leveraging viewstate deserialization.

The Microsoft Security Response Center advisory at portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 supplies patch information and mitigation guidance, while additional technical analysis is published by the Zero Day Initiative under ZDI-20-258.

Multiple working exploits targeting Exchange 2019 builds such as 15.2.221.12 have been released on Packet Storm Security.

EU & UK References

Vulnerability details

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
exchange server
2010, 2013, 2016, 2019

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the memory corruption root cause that enables arbitrary code execution via unsafe object handling.

prevent

Requires timely application of the vendor patch that corrects the viewstate deserialization flaw in Exchange.

prevent

Enforces validation of untrusted input (viewstate) before deserialization, blocking the attack vector used in public exploits.

References