HTTP: Microsoft Exchange Multiple Remote Code Execution

This signature detects attempts to exploit a known vulnerability in Microsoft Exchange. A successful attack can lead to arbitrary code execution.

Extended Description

A remote code execution vulnerability exists in Microsoft Exchange Server due to improper validation of cmdlet arguments. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the System user. Exploitation requires the compromise of an authenticated user in a certain Exchange role. The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.

Affected Products

Microsoft exchange_server

Short Name
HTTP:CTS:MICROSOFT-EXCHANGE-RCE
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2020-16875 CVE-2020-17117 CVE-2020-17132 CVE-2021-26412 Code Exchange Execution Microsoft Multiple Remote
Release Date
10/07/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3665
False Positive
Unknown
Vendors

Microsoft

CVSS Score

6.5

9.0
