CVE-2020-1301

Description from NVD

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

Information Acquisition Date:2020/07/01
CVSS 2.0: 6.5 MEDIUM CVSS 3.x: 8.8 HIGH

Description from Forti

Microsoft: Windows SMB Remote Code Execution Vulnerability

This indicates an attack attempt to exploit a Integer Overflow vulnerability in SMBv1 driver.The vulnerability is due to an error when the vulnerable software handles a maliciously crafted SMB request. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Information Acquisition Date:2020/07/01

Affected Products

Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server, version 1803 (Server Core Installation)
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN

Software Tag: Windows(1 tweets)



List of frequently cited URLs

URLNum of Times Referred to
http://www.sesin.at9387
https://reportcybercrime.com/2000
https://lists.astaro.com/ASGV9-IPS-rules.html27
http://tweetedtimes.com/vistacomputing?s=tnp9
https://www.us-cert.gov/ncas/current-activity/2020/06/05/un...7
https://twitter.com/cyb3rops/status/12704615689003581444
https://airbus-cyber-security.com/diving-into-the-smblost-v...4
https://portal.msrc.microsoft.com/en-US/security-guidance/a...3
https://ipssignatures.appspot.com/?cve=CVE-2020-13013
https://ift.tt/2BWOd2f3
https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smbl...3

Information from Twitter

User URL Info Source Date
ipssignatures https://twitter.com/YanZiShuang/status/1275793872598077441 Source ipssignatures    1297883385944330240 2020/08/24
ipssignatures https://twitter.com/YanZiShuang/status/1275793872598077441 Source ipssignatures    1297913558420922374 2020/08/25
ipssignatures https://twitter.com/YanZiShuang/status/1275793872598077441 Source ipssignatures    1297943758345064449 2020/08/25
ipssignatures https://twitter.com/YanZiShuang/status/1275793872598077441 Source ipssignatures    1297973967253315593 2020/08/25
VulmonFeeds http://vulmon.com/vulnerabilitydetails?qid=CVE-2020-1301 Source VulmonFeeds      1301538890591993856 2020/09/04
ipssignatures https://www.mcafee.com/content/dam/enterprise/en-us/assets/... Source ipssignatures    1303529062229569536 2020/09/09
ipssignatures https://twitter.com/search?src=sprv&q=CVE-2020-1301 Source ipssignatures    1303529062229569536 2020/09/09
ipssignatures https://ipssignatures.appspot.com/?cve=CVE-2020-1301 Source ipssignatures    1303529063219449857 2020/09/09

List of frequently cited URLs

URLNum of Times Referred to
www.sesin.at9387
reportcybercrime.com2000
lists.astaro.com27
tweetedtimes.com9
www.us-cert.gov7
twitter.com4
airbus-cyber-security.com4
portal.msrc.microsoft.com3
ipssignatures.appspot.com3
ift.tt3
www.tenable.com3

Information from Twitter

User URL Info Source
ipssignatures twitter.com Show Tweet
ipssignatures twitter.com Show Tweet
ipssignatures twitter.com Show Tweet
ipssignatures twitter.com Show Tweet
VulmonFeeds vulmon.com Show Tweet
ipssignatures mcafee.com Show Tweet
ipssignatures twitter.com Show Tweet
ipssignatures ipssignatures.appspot.com Show Tweet

GitHub Search Results: Up to 10
NameURL
shubham0d/CVE-2020-1301 https://github.com/shubham0d/CVE-2020-1301
P1kAju/CVE-2020-1301 https://github.com/P1kAju/CVE-2020-1301

GitHub Search Results: Up to 10
NameURL
shubham0d/CVE-2020-1301 github.com
P1kAju/CVE-2020-1301 github.com

2020/09/09 Score : 2
Added Har-sia Database : 2020/06/10
Last Modified : 2020/09/09
Highest Scored Date : 2020/06/10
Highest Score : 57