CVE-2020-16952 : A remote code execution vulnerability exists in Microsoft SharePoint when the

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Published 2020-10-16 23:15:16

Updated 2023-12-31 20:15:58

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2020-16952

Microsoft » Sharepoint Server » Version: 2019
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Foundation » Version: 2013 Update SP1
cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Enterprise Server » Version: 2016
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-16952

EPSS FAQ

77.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2020-16952

Microsoft SharePoint Server-Side Include and ViewState RCE

Disclosure Date: 2020-10-13

First seen: 2020-10-19

exploit/windows/http/sharepoint_ssi_viewstate

This module exploits a server-side include (SSI) in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is

More information

CVSS scores for CVE-2020-16952

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L	3.9	4.7	Microsoft Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: High Availability: Low

CWE ids for CVE-2020-16952

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-16952

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952

CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability
Patch;Vendor Advisory
http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html

Microsoft SharePoint SSI / ViewState Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory

Jump to