Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS SCORE:8.4

CVE ID:CVE-2020-17144

SEVERITY:High

Vendor:Microsoft

Reporter:secure@microsoft.com

Exploitable?Yes

Summary

Microsoft Exchange Remote Code Execution Vulnerability

Impact

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.

Affected Products

Exchange Server

CVSS Metrics

Source: secure@microsoft.com

version3.1

vectorStringCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

baseScore8.4

baseSeverityHIGH

attackVectorNETWORK

attackComplexityLOW

privilegesRequiredHIGH

userInteractionREQUIRED

scopeCHANGED

confidentialityImpactHIGH

integrityImpactHIGH

availabilityImpactHIGH

CWE Information

Source: nvd@nist.gov,Type: Primary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0,Type: Secondary

Action Information

Action Due: 5/3/2022

Remediation: Apply updates per vendor instructions.

Exploit Added Date: 11/3/2021

Patch and Mitigation Information

Patch Information

Temporary Fixes / Workarounds

No temporary fixes provided

Recommended Security Measures

Apply updates per vendor instructions.

Detection Methods

No detection methods provided

Date Of Vendor Response

Not specified

Date Of Patch Release

Not specified

Additional Information

References

secure@microsoft.com:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17144

af854a3a-2127-422b-91ae-364da2661108:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144

Affected Organizations

No affected organizations specified

Confidentiality Notice

This document contains sensitive information. Unauthorized distribution is prohibited.

Vulnerability Advisory

Published 12/10/2020

Updated 8/28/2025