CVE-2020-0796 : A remote code execution vulnerability exists in the way that the Microsoft Serve

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

Published 2020-03-12 16:15:16

Updated 2025-02-04 16:15:32

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2020-0796

Microsoft » Windows 10 » Version: 1903
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1903
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Matching versions

CVE-2020-0796 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.

CISA vulnerability name:

Microsoft SMBv3 Remote Code Execution Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2020-0796

Added on 2022-02-10 Action due date 2022-08-10

Exploit prediction scoring system (EPSS) score for CVE-2020-0796

EPSS FAQ

94.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2020-0796

SMBv3 Compression Buffer Overflow

Disclosure Date: 2020-03-13

First seen: 2021-05-21

exploit/windows/smb/cve_2020_0796_smbghost

A vulnerability exists within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol that can be leveraged to execute code on a vulnerable server. This remove exploit implementation leverages this flaw to execute code in the context of the kernel, finally yielding a

More information
SMBv3 Compression Buffer Overflow

Disclosure Date: 2020-03-13

First seen: 2020-04-26

exploit/windows/local/cve_2020_0796_smbghost

A vulnerability exists within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol that can be leveraged to execute code on a vulnerable server. This local exploit implementation leverages this flaw to elevate itself before injecting a payload into winlogon.

More information

CVSS scores for CVE-2020-0796

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	3.9	6.0	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-04
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	3.9	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-0796

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2020-0796

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
Patch;Vendor Advisory
http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html

Microsoft Windows SMBGhost Remote Code Execution ≈ Packet Storm
Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html

Microsoft Windows 10 SMB 3.1.1 Local Privilege Escalation ≈ Packet Storm
Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html

SMBleed / SMBGhost Pre-Authentication Remote Code Execution Proof Of Concept ≈ Packet Storm
Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html

SMBv3 Compression Buffer Overflow ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html

Microsoft Windows SMB 3.1.1 Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html

CoronaBlue / SMBGhost Microsoft Windows 10 SMB 3.1.1 Proof Of Concept ≈ Packet Storm
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2020-0796