Microsoft Exchange Remote Code Execution - CVE-2020-16875
Tags
attack-pattern: Direct Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID ec08196d-bb3e-4c95-801a-53cadda3457a
Fingerprint 8e5141d32e145476
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 21, 2020, midnight
Added to db Jan. 19, 2023, 12:02 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline NEWS
Title Microsoft Exchange Remote Code Execution - CVE-2020-16875
Detected Hints/Tags/Attributes 38/1/15
Source URLs
Redirection Url
Details Source https://www.x41-dsec.de/security/advisory/exploit/research/2020/12/21/x41-microsoft-exchange-rce-dlp-bypass/
URL Provider
Details Provider Source level domain
Details x41-dsec.de www.x41-dsec.de
Attributes
Details Type #Events CTI Value
Details CVE 10 
cve-2020-16875
Details CVE 9 
cve-2020-17132
Details Domain 5 
srcincite.io
Details Domain 1 
cve-2020-16875.py
Details Domain 128 
support.microsoft.com
Details Domain 1 
cve-2020-16875-patch-bypass.py
Details Domain 452 
msrc.microsoft.com
Details File 1 
cve-2020-16875.py
Details File 2 
keyvaluepair.key
Details File 2125 
cmd.exe
Details File 1 
cve-2020-16875-patch-bypass.py
Details Url 2 
https://srcincite.io/advisories/src-2020-0019
Details Url 1 
https://srcincite.io/pocs/cve-2020-16875.py.txt
Details Url 1 
https://support.microsoft.com/en-us/help/4577352/security-update-for-exchange-server-2019-and-2016
Details Url 1 
https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2020-17132