CVE-2020-0796

Description from NVD

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

Information Acquisition Date: 2022-01-15T11:37Z
CVSS 2.0: 7.5 HIGH
CVSS 3.x: 10.0 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html
     source:MISC
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html
     source:MISC
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

Description from Forti

MS SMB Server Compression Transform Header Memory Corruption

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.

Information Acquisition Date: 2020/07/01

Affected Products

Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

List of frequently cited URLs

URL Num of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE 2870
https://cvetrends.com 61
https://lists.astaro.com/ASGV9-IPS-rules.html 48
https://newsbythehour.org/cybr/ 27
https://unaaldia.hispasec.com/2020/06/vulnerabilidad-critic... 21
http://canyoupwn.me 15
https://blog.zecops.com/vulnerabilities/vulnerability-repro... 15
https://thehackernews.com/2020/06/SMBleed-smb-vulnerability... 11
https://threatpost.com/top-cves-trending-with-cybercriminal... 7
http://tweetedtimes.com/Pentest101MX?s=tnp 6
https://ift.tt/2WS6m9P 5
http://izumino.jp/Security/sec_trend.cgi?ref=tw&ref_date=20... 5
https://twitter.com/search?src=sprv&q=CVE-2020-0796 5
https://www.snort.org/rule_docs/1-53425 5
https://fortiguard.com/encyclopedia/ips/48773 5
https://www.mcafee.com/enterprise/en-us/assets/release-note... 5
https://www.checkpoint.com/defense/advisories/public/2020/c... 5
https://www.proofpoint.com/us/daily-ruleset-update-summary-... 5
http://www.watchguard.com/SecurityPortal/ThreatDetail.aspx?... 5
http://update1.hillstonenet.com/support/IPS_Help/en/NETBIOS... 5
https://kas.pr/o9zb 4
https://buff.ly/3dB1iMs 4
http://earmas.ga/ 4
https://meterpreter.org/researcher-published-microsoft-smbv... 4
http://www.kitploit.com/2020/03/cve-2020-0796-cve-2020-0796... 4
https://securityboulevard.com/2020/04/hypervisor-introspect... 4
https://j.mp/3dPRO0r 3
https://youtu.be/WP2KGNBhVyY 3
https://github.com/ZecOps/CVE-2020-0796-POC 3
https://medium.com/@knownsec404team/cve-2020-0796-windows-s... 3
http://seclists.org/cert/2020/146 3
https://news.sophos.com/en-us/2020/05/27/netwalker-ransomwa... 3
https://www.us-cert.gov/ncas/current-activity/2020/06/05/un... 3
https://paper.seebug.org/1165/ 3
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-... 3
https://securityaffairs.co/wordpress/100882/hacking/cve-202... 3
https://www.guardicore.com/2020/03/how-to-protect-your-syst... 3
https://reportcybercrime.com/ 3
https://www.securityweek.com/smbghost-vulnerability-allows-... 3
https://packetstormsecurity.com/files/156980/CVE-2020-0796.tgz 3
https://www.bleepingcomputer.com/news/security/windows-10-s... 3
https://portal.msrc.microsoft.com/en-US/security-guidance/a... 3

Information from Twitter

User URL Info Source Date
LeighGi66657535 https://twitter.com/LeighGi66657535/status/1627816037793116... Source LeighGi66657535 1627816037793116160 2023/02/21

GitHub Search Results: Up to 10
Name URL
No Data

2023/03/07 Score : 0
Added Har-sia Database : 2020/03/11
Last Modified : 2023/03/07
Highest Scored Date : 2020/03/31
Highest Score : 152