CVE-2020-0796

CVE-2020-0796

NVD Published Date: March 12, 2020 at 04:15 PM

NVD Last Modified: April 22, 2022 at 07:02 PM

Download Patch

Vulnerability ID

CVE-2020-0796

Severity

CRITICAL

Severity Score

10.0

Summary

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html

http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html

http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html

http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html

http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html

http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html

Mitigation and Patches

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

Exploits

https://www.exploit-db.com/exploits/48216

https://www.exploit-db.com/docs/49612

https://www.exploit-db.com/exploits/48537

https://www.exploit-db.com/exploits/48267

https://github.com/ZecOps/CVE-2020-0796-RCE-POC/

https://github.com/danigargu/CVE-2020-0796

https://github.com/ly4k/SMBGhost

https://github.com/jamf/CVE-2020-0796-RCE-POC

https://github.com/eerykitty/CVE-2020-0796-PoC

https://github.com/jamf/CVE-2020-0796-LPE-POC

https://github.com/Barriuso/SMBGhost_AutomateExploitation

https://github.com/Rvn0xsy/CVE_2020_0796_CNA

https://github.com/rsmudge/CVE-2020-0796-BOF

https://github.com/jiansiting/CVE-2020-0796

https://github.com/ioncodes/SMBGhost

https://github.com/k8gege/PyLadon

https://github.com/jamf/SMBGhost-SMBleed-scanner

https://github.com/eastmountyxz/CVE-2020-0796-SMB

https://github.com/T13nn3s/CVE-2020-0796

https://github.com/GuoKerS/aioScan_CVE-2020-0796

https://github.com/ButrintKomoni/cve-2020-0796

https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC

https://github.com/thelostworldFree/CVE-2020-0796

https://github.com/gabimarti/SMBScanner

https://github.com/dickens88/cve-2020-0796-scanner

https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module

https://github.com/f1tz/CVE-2020-0796-LPE-EXP

https://github.com/0x25bit/CVE-2020-0796-PoC

https://github.com/joaozietolie/CVE-2020-0796-Checker

https://github.com/w1ld3r/SMBGhost_Scanner

https://github.com/jiansiting/CVE-2020-0796-Scanner

https://github.com/0xeb-bp/cve-2020-0796

https://github.com/Ajomix/CVE-2020-0796

https://github.com/technion/DisableSMBCompression

https://github.com/wneessen/SMBCompScan

https://github.com/vysecurity/CVE-2020-0796

https://github.com/sujitawake/smbghost

https://github.com/tango-j/CVE-2020-0796

https://github.com/orangmuda/CVE-2020-0796

https://github.com/exp-sky/CVE-2020-0796

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2020_0796_smbghost.rb

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/cve_2020_0796_smbghost.rb

https://github.com/ZecOps/CVE-2020-0796-RCE-POC/

https://github.com/danigargu/CVE-2020-0796

https://github.com/ZecOps/CVE-2020-0796-RCE-POC

https://github.com/eerykitty/CVE-2020-0796-PoC

https://github.com/ZecOps/CVE-2020-0796-LPE-POC

https://github.com/Barriuso/SMBGhost_AutomateExploitation

https://github.com/Rvn0xsy/CVE_2020_0796_CNA

https://github.com/ioncodes/SMBGhost

https://github.com/rsmudge/CVE-2020-0796-BOF

https://github.com/jiansiting/CVE-2020-0796

https://github.com/k8gege/PyLadon

https://github.com/eastmountyxz/CVE-2020-0796-SMB

https://github.com/ZecOps/SMBGhost-SMBleed-scanner

https://github.com/T13nn3s/CVE-2020-0796

https://github.com/GuoKerS/aioScan_CVE-2020-0796

https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC

https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module

https://github.com/thelostworldFree/CVE-2020-0796

https://github.com/Aekras1a/CVE-2020-0796-PoC

https://github.com/joaozietolie/CVE-2020-0796-Checker

https://github.com/gabimarti/SMBScanner

https://github.com/dickens88/cve-2020-0796-scanner

https://github.com/f1tz/CVE-2020-0796-LPE-EXP

https://github.com/ButrintKomoni/cve-2020-0796

https://github.com/w1ld3r/SMBGhost_Scanner

https://github.com/0xeb-bp/cve-2020-0796

https://github.com/jiansiting/CVE-2020-0796-Scanner

https://github.com/Nephael/Nephael-CVE-2020-0796

https://github.com/technion/DisableSMBCompression

https://github.com/wneessen/SMBCompScan

https://github.com/vysecurity/CVE-2020-0796

https://github.com/ORCA666/CVE-2020-0796

https://github.com/tango-j/CVE-2020-0796

https://github.com/exp-sky/CVE-2020-0796

https://github.com/Apasys/Nephael-CVE-2020-0796

https://github.com/Apasys/Apasys-CVE-2020-0796

https://github.com/ollypwn/SMBGhost

https://github.com/ly4k/SMBGhost

https://github.com/oxctdev/CVE-2020-0796

https://github.com/Haruster/Apasys-CVE-2020-0796

https://github.com/sujitawake/smbghost

https://github.com/laolisafe/CVE-2020-0796

https://github.com/onsecuredev/CVE-2020-0796

https://github.com/rakhanobe/CVE-2020-0796

https://github.com/thomsdev/CVE-2020-0796

https://github.com/byteofjoshua/CVE-2020-0796

https://github.com/byteofandri/CVE-2020-0796

https://github.com/orangmuda/CVE-2020-0796

http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html

http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html

https://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://github.com/ran-sama/CVE-2020-0796

https://github.com/jamf/CVE-2020-0796-RCE-POC

https://github.com/jamf/CVE-2020-0796-LPE-POC

https://github.com/jamf/SMBGhost-SMBleed-scanner

https://github.com/Ajomix/CVE-2020-0796

https://github.com/TinToSer/CVE-2020-0796-LPE

https://github.com/0x25bit/CVE-2020-0796-PoC

Metasploit Payload

https://github.com/danigargu/CVE-2020-0796

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2020_0796_smbghost.rb

https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html

https://github.com/chompie1337/SMBGhost_RCE_PoC

https://www.youtube.com/watch?v=RSV3f6aEJFY&t=1865s

https://www.coresecurity.com/core-labs/articles/getting-physical-extreme-abuse-of-intel-based-paging-systems

https://www.coresecurity.com/core-labs/articles/getting-physical-extreme-abuse-of-intel-based-paging-systems-part-2-windows

https://labs.bluefrostsecurity.de/blog/2017/05/11/windows-10-hals-heap-extinction-of-the-halpinterruptcontroller-table-exploitation-technique/

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/cve_2020_0796_smbghost.rb

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE ID

CWE-119

Recent Publish

CVE-2020-2021

KB5002650

KB5002651

CVE-2020-6287

CVE-2020-1350

KB5002653

See More ...

See SecOps Solution
in action

Schedule Demo