CVE-2020-0796

Description from NVD

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

Information Acquisition Date:2022-01-15T11:37Z

CVSS 2.0: 7.5 HIGH CVSS 3.x: 10.0 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchanged	Changed
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
source:MISC
tags:Patch Vendor Advisory

http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html
source:MISC
tags:Third Party Advisory

http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html
source:MISC
tags:Third Party Advisory

http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html
source:MISC
tags:

http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html
source:MISC
tags:

http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html
source:MISC
tags:

http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html
source:MISC
tags:

This vulnerability may involve a PoC.

Description from Forti

MS SMB Server Compression Transform Header Memory Corruption

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers.The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.

Information Acquisition Date:2020/07/01

Affected Products

Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE	2870
https://cvetrends.com	61
https://lists.astaro.com/ASGV9-IPS-rules.html	48
https://newsbythehour.org/cybr/	27
https://unaaldia.hispasec.com/2020/06/vulnerabilidad-critic...	21
http://canyoupwn.me	15
https://blog.zecops.com/vulnerabilities/vulnerability-repro...	15
https://thehackernews.com/2020/06/SMBleed-smb-vulnerability...	11
https://threatpost.com/top-cves-trending-with-cybercriminal...	7
http://tweetedtimes.com/Pentest101MX?s=tnp	6
https://ift.tt/2WS6m9P	5
http://izumino.jp/Security/sec_trend.cgi?ref=tw&ref_date=20...	5
https://twitter.com/search?src=sprv&q=CVE-2020-0796	5
https://www.snort.org/rule_docs/1-53425	5
https://fortiguard.com/encyclopedia/ips/48773	5
https://www.mcafee.com/enterprise/en-us/assets/release-note...	5
https://www.checkpoint.com/defense/advisories/public/2020/c...	5
https://www.proofpoint.com/us/daily-ruleset-update-summary-...	5
http://www.watchguard.com/SecurityPortal/ThreatDetail.aspx?...	5
http://update1.hillstonenet.com/support/IPS_Help/en/NETBIOS...	5
https://kas.pr/o9zb	4
https://buff.ly/3dB1iMs	4
http://earmas.ga/	4
https://meterpreter.org/researcher-published-microsoft-smbv...	4
http://www.kitploit.com/2020/03/cve-2020-0796-cve-2020-0796...	4
https://securityboulevard.com/2020/04/hypervisor-introspect...	4
https://j.mp/3dPRO0r	3
https://youtu.be/WP2KGNBhVyY	3
https://github.com/ZecOps/CVE-2020-0796-POC	3
https://medium.com/@knownsec404team/cve-2020-0796-windows-s...	3
http://seclists.org/cert/2020/146	3
https://news.sophos.com/en-us/2020/05/27/netwalker-ransomwa...	3
https://www.us-cert.gov/ncas/current-activity/2020/06/05/un...	3
https://paper.seebug.org/1165/	3
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-...	3
https://securityaffairs.co/wordpress/100882/hacking/cve-202...	3
https://www.guardicore.com/2020/03/how-to-protect-your-syst...	3
https://reportcybercrime.com/	3
https://www.securityweek.com/smbghost-vulnerability-allows-...	3
https://packetstormsecurity.com/files/156980/CVE-2020-0796.tgz	3
https://www.bleepingcomputer.com/news/security/windows-10-s...	3
https://portal.msrc.microsoft.com/en-US/security-guidance/a...	3

Information from Twitter

User	URL	Info Source	Date
LeighGi66657535	https://twitter.com/LeighGi66657535/status/1627816037793116...	Source LeighGi66657535 1627816037793116160	2023/02/21

List of frequently cited URLs

URL	Num of Times Referred to
vulmon.com	2870
cvetrends.com	61
lists.astaro.com	48
newsbythehour.org	27
unaaldia.hispasec.com	21
canyoupwn.me	15
blog.zecops.com	15
thehackernews.com	11
threatpost.com	7
tweetedtimes.com	6
ift.tt	5
izumino.jp	5
twitter.com	5
www.snort.org	5
fortiguard.com	5
www.mcafee.com	5
www.checkpoint.com	5
www.proofpoint.com	5
www.watchguard.com	5
update1.hillstonenet.com	5
kas.pr	4
buff.ly	4
earmas.ga	4
meterpreter.org	4
www.kitploit.com	4
securityboulevard.com	4
j.mp	3
youtu.be	3
github.com	3
medium.com	3
seclists.org	3
news.sophos.com	3
www.us-cert.gov	3
paper.seebug.org	3
www.trustwave.com	3
securityaffairs.co	3
www.guardicore.com	3
reportcybercrime.com	3
www.securityweek.com	3
packetstormsecurity.com	3
www.bleepingcomputer.com	3
portal.msrc.microsoft.com	3

Information from Twitter

User	URL	Info Source
LeighGi66657535	twitter.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
No Data

GitHub Search Results: Up to 10

Name	URL
No Data

2023/03/07 Score : 0
Added Har-sia Database : 2020/03/11
Last Modified : 2023/03/07
Highest Scored Date : 2020/03/31
Highest Score : 152