Vulnerability in Microsoft Exchange Server 2013
CVE-2020-0692
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
EPSS: 0.055 (90.4th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Exchange Server 2013 — versions Cumulative Update 23
- Microsoft Exchange Server 2016 Cumulative Update 14 — versions unspecified
- Microsoft Exchange Server 2016 Cumulative Update 15 — versions unspecified
- Microsoft Exchange Server 2019 Cumulative Update 3 — versions unspecified
- Microsoft Exchange Server 2019 Cumulative Update 4 — versions unspecified
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-0692?
- CVE-2020-0692 is a vulnerability in Microsoft Exchange Server 2013. Published 2020-02-11.
- Is CVE-2020-0692 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.