#VU25980 Input validation error in Windows and Windows Server - CVE-2020-0796

Cybersecurity Help s.r.o.

Published: 2020-03-11 | Updated: 2023-06-14

Vulnerability identifier: #VU25980

Vulnerability risk: High

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2020-0796

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. A remote attacker can trick a client to connect to a malicious SMB server and execute arbitrary code on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Windows: 10 1903 10.0.18362.116, 10 1909 10.0.18363.476

Windows Server: 2019 1903 - 2019 1909

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
https://github.com/Dhoomralochana/Scanners-for-CVE-2020-0796-Testing
https://github.com/ClarotyICS/CVE2020-0796

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Remote code execution in Microsoft Windows SMBv3