← volver
CVE-2020-0796

CVE-2020-0796

CVSS 10 CRITICALEPSS 99.8%● KEVCWE-119
En resumen

Una vulnerabilidad crítica en el protocolo SMBv3 de Windows (utilizado para compartición de archivos) permite que atacantes ejecuten código malicioso de forma remota en computadoras vulnerables sin necesidad de permisos especiales. Es especialmente peligrosa porque SMBv3 se usa ampliamente en redes y el ataque requiere mínima interacción.

Detalle técnico

Vulnerabilidad de ejecución remota de código en el protocolo SMBv3 (CWE-119: desbordamiento de búfer) activada mediante solicitudes de red especialmente diseñadas. Vector de ataque es por red sin autenticación requerida; los sistemas afectados procesan automáticamente paquetes SMBv3 maliciosos que corrompen memoria y resultan en ejecución de código arbitrario con privilegios del sistema.

Resumen generado y traducido por IA a partir de la descripción oficial.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Microsoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows 10 Version 1909 for 32-bit SystemsMicrosoft · Windows 10 Version 1909 for ARM64-based SystemsMicrosoft · Windows 10 Version 1909 for x64-based SystemsMicrosoft · Windows Server, version 1903 (Server Core installation)Microsoft · Windows Server, version 1909 (Server Core installation)
PoCs públicas encontradas97
githubgithub.com/danigargu/CVE-2020-07961357githubgithub.com/ly4k/SMBGhost717githubgithub.com/jamf/CVE-2020-0796-RCE-POC573githubgithub.com/Barriuso/SMBGhost_AutomateExploitation347githubgithub.com/eerykitty/CVE-2020-0796-PoC333githubgithub.com/jamf/CVE-2020-0796-LPE-POC245githubgithub.com/Rvn0xsy/CVE_2020_0796_CNA75githubgithub.com/rsmudge/CVE-2020-0796-BOF70githubgithub.com/jiansiting/CVE-2020-079664githubgithub.com/ioncodes/SMBGhost58githubgithub.com/k8gege/PyLadon51githubgithub.com/jamf/SMBGhost-SMBleed-scanner44githubgithub.com/eastmountyxz/CVE-2020-0796-SMB33githubgithub.com/T13nn3s/CVE-2020-079628githubgithub.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC22githubgithub.com/Almorabea/SMBGhost-LPE-Metasploit-Module20githubgithub.com/gabimarti/SMBScanner19githubgithub.com/0x25bit/CVE-2020-0796-PoC19githubgithub.com/ButrintKomoni/cve-2020-079617githubgithub.com/f1tz/CVE-2020-0796-LPE-EXP17githubgithub.com/GuoKerS/aioScan_CVE-2020-079615githubgithub.com/dickens88/cve-2020-0796-scanner14githubgithub.com/joaozietolie/CVE-2020-0796-Checker14githubgithub.com/w1ld3r/SMBGhost_Scanner14githubgithub.com/thelostworldFree/CVE-2020-079611githubgithub.com/jiansiting/CVE-2020-0796-Scanner9githubgithub.com/technion/DisableSMBCompression9githubgithub.com/0xeb-bp/cve-2020-07967githubgithub.com/dungnm24/CVE-2020-07966githubgithub.com/vysecurity/CVE-2020-07965githubgithub.com/orangmuda/CVE-2020-07965githubgithub.com/tango-j/CVE-2020-07964githubgithub.com/wneessen/SMBCompScan4githubgithub.com/sujitawake/smbghost3githubgithub.com/exp-sky/CVE-2020-07963githubgithub.com/codewithpradhan/SMBGhost-CVE-2020-0796-2githubgithub.com/Jagadeesh7532/-CVE-2020-0796-SMBGhost-Windows-10-SMBv3-Remote-Code-Execution-Vulnerability2githubgithub.com/MasterSploit/LPE---CVE-2020-07962githubgithub.com/TinToSer/CVE-2020-0796-LPE2githubgithub.com/Anonimo501/SMBGhost_CVE-2020-0796_checker2githubgithub.com/laolisafe/CVE-2020-07962githubgithub.com/DannyRavi/nmap-scripts2githubgithub.com/cory-zajicek/CVE-2020-0796-DoS1githubgithub.com/awareseven/eternalghosttest1githubgithub.com/Dhoomralochana/Scanners-for-CVE-2020-0796-Testing1githubgithub.com/netscylla/SMBGhost1githubgithub.com/BinaryShadow94/SMBv3.1.1-scan---CVE-2020-07961githubgithub.com/ran-sama/CVE-2020-07961githubgithub.com/julixsalas/CVE-2020-07961githubgithub.com/LabDookhtegan/CVE-2020-0796-EXP1githubgithub.com/datntsec/CVE-2020-07961githubgithub.com/1stPeak/CVE-2020-0796-Scanner1githubgithub.com/F6JO/CVE-2020-0796-Batch-scanning1githubgithub.com/arzuozkan/CVE-2020-07961githubgithub.com/SEHandler/CVE-2020-07961githubgithub.com/OldDream666/cve-2020-07961githubgithub.com/AdamSonov/smbGhostCVE-2020-07961githubgithub.com/bsec404/CVE-2020-07961githubgithub.com/cybermads/CVE-2020-07961githubgithub.com/1060275195/SMBGhost0githubgithub.com/Almorabea/SMBGhost-WorkaroundApplier0githubgithub.com/UraSecTeam/smbee0githubgithub.com/xax007/CVE-2020-0796-Scanner0githubgithub.com/AaronCaiii/CVE-2020-0796-POC0githubgithub.com/maqeel-git/CVE-2020-07960githubgithub.com/kn6869610/CVE-2020-07960githubgithub.com/esmwaSpyware/DoS-PoC-for-CVE-2020-0796-SMBGhost-0githubgithub.com/tdevworks/CVE-2020-0796-SMBGhost-Exploit-Demo0githubgithub.com/intelliroot-tech/cve-2020-0796-Scanner0githubgithub.com/section-c/CVE-2020-07960githubgithub.com/bacth0san96/SMBGhostScanner0githubgithub.com/halsten/CVE-2020-07960githubgithub.com/ysyyrps123/CVE-2020-07960githubgithub.com/ysyyrps123/CVE-2020-0796-exp0githubgithub.com/tripledd/cve-2020-0796-vuln0githubgithub.com/wsfengfan/CVE-2020-07960githubgithub.com/Opensitoo/cve-2020-07960githubgithub.com/Murasame-nc/CVE-2020-0796-LPE-POC0githubgithub.com/lisinan988/CVE-2020-0796-exp0githubgithub.com/vsai94/ECE9069_SMBGhost_Exploit_CVE-2020-0796-0githubgithub.com/nyambiblaise/Microsoft-Windows-SMBGhost-Vulnerability-Checker---CVE-2020-0796---SMBv3-RCE0githubgithub.com/thai1012/cve-2020-07960githubgithub.com/TweatherQ/CVE-2020-07960githubgithub.com/krizzz07/CVE-2020-07960githubgithub.com/Justjeff211/conti-ransomware-writeup0githubgithub.com/hungdnvp/POC-CVE-2020-07960githubgithub.com/z3ena/Exploiting-and-Mitigating-CVE-2020-0796-SMBGhost-and-Print-Spooler-Vulnerabilities0githubgithub.com/monjheta/CVE-2020-07960cve_referencepacketstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.htmlno verificadocve_referencepacketstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.htmlno verificadocve_referencepacketstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/48267no verificadocve_referencepacketstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.htmlno verificadocve_referencepacketstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.htmlno verificadoexploitdbwww.exploit-db.com/exploits/48537no verificadoexploitdbwww.exploit-db.com/exploits/48216no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.htmlhttp://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0796