CVE-2020-1147

Description from NVD

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Information Acquisition Date:2021-04-27T10:48Z
CVSS 2.0: 6.8 MEDIUM CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD References

 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
     source:MISC
     tags:
 https://www.exploitalert.com/view-details.html?id=35992
     source:MISC
     tags:

This vulnerability may involve a PoC.

Description from Forti

Microsoft: NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

This indicates an attack attempt to exploit an Insecure Deserialization vulnerability in Microsoft .NET Framework.The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted XML file. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted XML file using the affected .NET Framework API. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Information Acquisition Date:2020/08/01

Affected Products

Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server 2010 Service Pack 2
.NET Core 2.1
.NET Core 3.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)
Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server 2016
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.8 on Windows RT 8.1
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2012
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2012 R2
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 3.5 on Windows Server 2012
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 3.5 on Windows Server 2012 R2
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.5.2 on Windows RT 8.1
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows Server 2012
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
https://reportcybercrime.com/488
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...282
https://lists.astaro.com/ASGV9-IPS-rules.html20
https://securityaffairs.co/wordpress/106281/hacking/cve-202...7
https://github.com/dotnet/announcements/issues/1595
https://twitter.com/search?src=sprv&q=CVE-2020-11475
https://www.helpnetsecurity.com/2020/07/21/cve-2020-1147/4
https://portal.msrc.microsoft.com/en-us/security-guidance/a...4
https://bit.ly/32ooaw83
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-rem...3
http://tweetedtimes.com/v/15572?s=tnp3
https://www.proofpoint.com/us/daily-ruleset-update-summary-...3

Information from Twitter

User URL Info Source Date
threatintelctr https://nvd.nist.gov/vuln/detail/CVE-2020-1147 Source threatintelctr   1509994822483984387 2022/04/02
RemotelyAlerts http://alerts.remotelyrmm.com/CVE-2020-1147 Source RemotelyAlerts   1510021650514776066 2022/04/02

List of frequently cited URLs

URLNum of Times Referred to
reportcybercrime.com488
alerts.vulmon.com282
lists.astaro.com20
securityaffairs.co7
github.com5
twitter.com5
www.helpnetsecurity.com4
portal.msrc.microsoft.com4
bit.ly3
srcincite.io3
tweetedtimes.com3
www.proofpoint.com3

Information from Twitter

User URL Info Source
threatintelctr nvd.nist.gov Show Tweet
RemotelyAlerts alerts.remotelyrmm.com Show Tweet
GitHub Search Results: Up to 10
NameURL
No Data
GitHub Search Results: Up to 10
NameURL
No Data
2022/04/02 Score : 2
Added Har-sia Database : 2020/04/03
Last Modified : 2022/04/02
Highest Scored Date : 2020/07/24
Highest Score : 35