CVE-2020-1206

Description from NVD

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.

Information Acquisition Date:2021-04-27T10:44Z

CVSS 2.0: 5.0 MEDIUM CVSS 3.x: 7.5 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:N/A:N

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206
source:MISC
tags:Patch Vendor Advisory

http://packetstormsecurity.com/files/158053/SMBleed-Uninitialized-Kernel-Memory-Read-Proof-Of-Concept.html
source:MISC
tags:Technical Description

This vulnerability may involve a PoC.

Description from Forti

Microsoft: Windows SMBv3 Client/Server Information Disclosure Vulnerability

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Microsoft Windows SMBv3 Client/Server.The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.

Information Acquisition Date:2020/07/01

Affected Products

Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 2004 (Server Core installation)

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...	320
https://lists.astaro.com/ASGV9-IPS-rules.html	27
http://newsbythehour.org/cybr	27
https://unaaldia.hispasec.com/2020/06/vulnerabilidad-critic...	21
https://airbus-cyber-security.com/diving-into-the-smblost-v...	19
http://tweetedtimes.com/behkxyz?s=tnp	8
https://www.hackplayers.com/2020/06/smbleed-cve-2020-1206-n...	7
https://ift.tt/3dPV0sF	6
http://canyoupwn.me	6
https://portal.msrc.microsoft.com/en-US/security-guidance/a...	6
https://blog.zecops.com/vulnerabilities/smbleedingghost-wri...	4
https://thehackernews.com/2020/06/SMBleed-smb-vulnerability...	4
https://github.com/ZecOps/CVE-2020-1206-POC	3
http://vulmon.com/vulnerabilitydetails?qid=CVE-2020-1206	3
https://twitter.com/TheHackersNews/status/12704546680957829...	3
https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smbl...	3
https://packetstormsecurity.com/files/158054/CVE-2020-0796-...	3
https://www.freethreatintel.com	3

Information from Twitter

User	URL	Info Source	Date
No Data

List of frequently cited URLs

URL	Num of Times Referred to
alerts.vulmon.com	320
lists.astaro.com	27
newsbythehour.org	27
unaaldia.hispasec.com	21
airbus-cyber-security.com	19
tweetedtimes.com	8
www.hackplayers.com	7
ift.tt	6
canyoupwn.me	6
portal.msrc.microsoft.com	6
blog.zecops.com	4
thehackernews.com	4
github.com	3
vulmon.com	3
twitter.com	3
www.tenable.com	3
packetstormsecurity.com	3
www.freethreatintel.com	3

Information from Twitter

User	URL	Info Source
No Data

GitHub Search Results: Up to 10

Name	URL
ZecOps/CVE-2020-1206-POC	https://github.com/ZecOps/CVE-2020-1206-POC
ZecOps/SMBGhost-SMBleed-scanner	https://github.com/ZecOps/SMBGhost-SMBleed-scanner
Info-Security-Solution-Kolkata/CVE-2020-1206-Exploit	https://github.com/Info-Security-Solution-Kolkata/CVE-2020-1206-Exploit
Info-Security-Solution-Kolkata/Smbleed-CVE-2020-1206-Exploit	https://github.com/Info-Security-Solution-Kolkata/Smbleed-CVE-2020-1206-Exploit

GitHub Search Results: Up to 10

Name	URL
ZecOps/CVE-2020-1206-POC	github.com
ZecOps/SMBGhost-SMBleed-scanner	github.com
Info-Security-Solution-Kolkata/CVE-2020-1206-Exploit	github.com
Info-Security-Solution-Kolkata/Smbleed-CVE-2020-1206-Exploit	github.com

2023/02/16 Score : 0
Added Har-sia Database : 2020/06/10
Last Modified : 2023/02/16
Highest Scored Date : 2020/06/10
Highest Score : 114