Russian Vulnerability Scanner Database

Back to List

BDU:2020-01005

Scores

EPSS Score

0.0000

CVSS

3.x 8.4

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
8.4

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0
9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

Уязвимость реализации сетевого протокола Server Message Block (SMBv3) операционных систем Windows связана с некорректной обработкой запросов с использованием алгоритма сжатия данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код при помощи специально сформированного пакета

Sources

bdu

Related Vulnerabilities

CVE-2020-0796

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0796
https://www.zdnet.com/article/details-about-new-smb-wormable-bug-leak-in-microsoft-patch-tuesday-snafu/
https://fortiguard.com/encyclopedia/ips/48773
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html

Vulnerable Software

Type: Configuration

Vendor: microsoft corp.

Product: windows_10

Operating System: * *

Trait: 
{
  "version_exact": "1903"
}

Source: bdu

Type: Configuration

Vendor: microsoft corp.

Product: windows_10

Operating System: * *

Trait: 
{
  "version_exact": "1909"
}

Source: bdu

Type: Configuration

Vendor: microsoft corp.

Product: windows_server

Operating System: * *

Trait: 
{
  "version_exact": "1903"
}

Source: bdu

Type: Configuration

Vendor: microsoft corp.

Product: windows_server

Operating System: * *

Trait: 
{
  "version_exact": "1909"
}

Source: bdu