| Ãë¾àÁ¡ID |
18125 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
25 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMTP |
| »ó¼¼¼³¸í |
CVE-2020-0688Àº Á¤Àû Å° »ç¿ëÀ¸·Î ÀÎÇÑ Microsoft ExchangeÀÇ Ä¡¸íÀûÀÎ Ãë¾à¼ºÀÔ´Ï´Ù. ¾Ç¿ë¿¡´Â À¯È¿ÇÑ ÀÚ°Ý Áõ¸í (À̸ÞÀÏ »ç¿ëÀÚ ¼öÁØ¿¡¼)ÀÌ ÇÊ¿äÇÏ°í ´ë·® ¾Ç¿ë À§ÇèÀÌ ³·Áö¸¸ ÀÌ Ãë¾àÁ¡Àº SYSTEM ¼öÁØ RCE·Î À̾îÁö´Â Ç¥Àû °ø°Ý¿¡ ¸Å¿ì À¯¿ë ÇÒ ¼ö ÀÖ½À´Ï´Ù.
* Âü°í »çÀÌÆ®:
https://github.com/cert-lv/CVE-2020-0688
http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688
https://www.zerodayinitiative.com/advisories/ZDI-20-258/
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Exchange Server 2013(15.0.1497.6 ÀÌÀü), 2016( 15.1.1847.7, 15.1.1913.7 ÀÌÀü) 2019(15.2.464.11, 15.2.529.8 ÀÌÀü)
Microsoft Windows Any version |
| ÇØ°áÃ¥ |
Exchange Server 2013(15.0.1497.6 ¶Ç´Â ÀÌÈÄ), 2016( 15.1.1847.7, 15.1.1913.7 ¶Ç´Â ÀÌÈÄ) 2019(15.2.464.11, 15.2.529.8 ¶Ç´Â ÀÌÈÄ) ¹öÀüÀ¸·Î ¾÷±×·¹À̵å ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2020-0688 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
