Exchange Control Panel ViewState Deserialization
| Disclosed |
|---|
| Feb 11, 2020 |
Description
This module exploits a .NET deserialization vulnerability in the
Exchange Control Panel (ECP) web application (CVE-2020-0688). Microsoft
Exchange Server did not randomize the ASP.NET machineKey on a
per-installation basis, so every installation shipped with the same
static validationKey and decryptionKey in the ECP web.config. Because
the ViewState MAC is computed with the validationKey, anyone who knows
these fixed values can craft a __VIEWSTATE value that passes validation
and is then deserialized by the server, resulting in an OS command being
executed as NT AUTHORITY\SYSTEM. The ECP page is only reachable after
login, so the attacker needs a valid Exchange user account (any mailbox
user is sufficient).
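The following is an added illustration of the security property the description relies on; it is not the Metasploit module's code. It models the legacy ASP.NET ViewState MAC scheme (HMAC-SHA1 over the serialized state followed by a page-specific modifier built from __VIEWSTATEGENERATOR and the ViewStateUserKey) and shows that a server whose validationKey is shared with every other installation accepts a ViewState the attacker signed, while a server with a per-installation random key rejects it before anything reaches the deserializer. The key, generator and session values are placeholders, the "serialized gadget chain" is an opaque byte string, and nothing is deserialized; the .NET 4.5+ key-derivation path differs in detail but has the same property.

```python
"""Why a shared ASP.NET machineKey lets an attacker forge ViewState.

Added illustration, not the Metasploit module's code. Models the legacy
ViewState MAC: HMAC-SHA1(validationKey, serialized || modifier).
All key/generator/session values are placeholders.
"""
import base64
import hashlib
import hmac
import os
import struct
from typing import Optional

# Assumed placeholder standing in for a vendor-wide static validationKey;
# the real Exchange value is deliberately not reproduced here.
SHARED_STATIC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff0011223344556677")
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes


def mac_modifier(view_state_generator: int, view_state_user_key: Optional[str]) -> bytes:
    """Modifier appended before MACing: 4-byte little-endian __VIEWSTATEGENERATOR
    followed by the UTF-16LE ViewStateUserKey (ECP sets it to the session id)."""
    modifier = struct.pack("<I", view_state_generator)
    if view_state_user_key:
        modifier += view_state_user_key.encode("utf-16-le")
    return modifier


def sign_view_state(validation_key: bytes, serialized: bytes,
                    generator: int, user_key: Optional[str]) -> str:
    """Produce a base64 __VIEWSTATE value: serialized state || HMAC-SHA1."""
    mac = hmac.new(validation_key, serialized + mac_modifier(generator, user_key),
                   hashlib.sha1).digest()
    return base64.b64encode(serialized + mac).decode("ascii")


def verify_view_state(validation_key: bytes, view_state_b64: str,
                      generator: int, user_key: Optional[str]) -> Optional[bytes]:
    """Server side: return the serialized state only if the MAC verifies.
    Only a verified blob would ever be handed to the deserializer."""
    raw = base64.b64decode(view_state_b64)
    if len(raw) < MAC_LEN:
        return None
    body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(validation_key, body + mac_modifier(generator, user_key),
                        hashlib.sha1).digest()
    return body if hmac.compare_digest(mac, expected) else None


def forgery_outcome(server_key: bytes, attacker_key: bytes, generator: int,
                    user_key: Optional[str]) -> bool:
    """True if a ViewState signed with the attacker's key passes the server's check."""
    # Constructed opaque stand-in for a serialized gadget chain; never deserialized.
    attacker_blob = b"\xff\x01<serialized gadget chain>"
    forged = sign_view_state(attacker_key, attacker_blob, generator, user_key)
    return verify_view_state(server_key, forged, generator, user_key) is not None


def demo() -> dict:
    generator = 0x1A2B3C4D          # hypothetical __VIEWSTATEGENERATOR value
    session_id = "abc123sessionid"  # hypothetical ASP.NET_SessionId as ViewStateUserKey
    per_install_key = os.urandom(24)  # what a properly randomized deployment has
    return {
        # Every install shares the key -> the attacker's MAC is accepted.
        "shared_key_accepts_forgery": forgery_outcome(
            SHARED_STATIC_KEY, SHARED_STATIC_KEY, generator, session_id),
        # Key unique to this server -> the same forgery is rejected pre-deserialization.
        "unique_key_rejects_forgery": not forgery_outcome(
            per_install_key, SHARED_STATIC_KEY, generator, session_id),
        # Even with the right key, the MAC is bound to the generator and session.
        "wrong_session_rejected": verify_view_state(
            SHARED_STATIC_KEY,
            sign_view_state(SHARED_STATIC_KEY, b"state", generator, session_id),
            generator, "othersession") is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'PASS' if ok else 'FAIL'}")
```

The defensive takeaway is in `forgery_outcome`: the MAC is only as secret as the validationKey, so the fix is a per-installation key (the patched Exchange build generates one), not any change to the deserializer.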