Vulnerability Details: CVE-2020-1147
Public exploit exists!
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Vulnerability category: Execute code
Products affected by CVE-2020-1147
- cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
CVE-2020-1147 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserializati
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-1147
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-1147
Probability of exploitation activity in the next 30 days: 87.99%
Percentile, the proportion of vulnerabilities that are scored at or less: ~99%
Metasploit modules for CVE-2020-1147
- SharePoint DataSet / DataTable Deserialization
  Disclosure Date: 2020-07-14
  First seen: 2020-08-02
  exploit/windows/http/sharepoint_data_deserialization
  A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that
CVSS scores for CVE-2020-1147
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
References for CVE-2020-1147
- https://www.exploitalert.com/view-details.html?id=35992
  Microsoft SharePoint Server 2019 Remote Code Execution - Exploitalert
  Exploit; Third Party Advisory
- http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
  Microsoft SharePoint Server 2019 Remote Code Execution ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry
- http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
  SharePoint DataSet / DataTable Deserialization ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
  Patch; Vendor Advisory
- http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
  Microsoft SharePoint Server 2019 Remote Code Execution ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry