Cyber Resilience

CVE-2020-17144

High · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 10 December 2020

Modified: 29 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.9200 (99.7th percentile)
Risk Priority: 92 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-17144 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Exchange Server. Its CVSS base score is 8.4 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2020-17144 is a remote code execution vulnerability in Microsoft Exchange stemming from deserialization of untrusted data (CWE-502). It carries a CVSS 3.1 score of 8.4, with a network attack vector, low attack complexity, changed scope, and high impact on confidentiality, integrity, and availability.

An attacker who holds high privileges and can also induce user interaction may exploit the flaw over the network to execute arbitrary code on affected Exchange servers.

Microsoft security advisories at the listed MSRC URLs detail available patches and mitigation steps, while CISA lists the CVE in its known exploited vulnerabilities catalog.

The entry was published in December 2020.

EU & UK References

Vulnerability details

Microsoft Exchange Remote Code Execution Vulnerability

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft exchange server 2010

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires timely installation of vendor patches that remediate the deserialization flaw in Exchange.

prevent: Enforces validation of untrusted data before deserialization, blocking the root cause of arbitrary code execution.

prevent: Restricts the high-privilege accounts required by the attacker to trigger the RCE.

References